Version 6.6 475 Mediant 2000
User's Manual 41. Syslog and Debug Recordings
41 Syslog and Debug Recordings
Syslog is an event notification protocol that enables a device to send event notification
messages across IP networks to event message collectors, also known as Syslog servers.
The device contains an embedded Syslog client, which sends error reports / events that it
generates to a remote Syslog server using the IP / UDP protocol. This information is a
collection of error, warning, and system messages that records every internal operation of
the device.
For receiving Syslog messages generated by the device, you can use any of the following
Syslog servers:
Device's embedded Syslog server: The device provides an embedded Syslog
server, which is accessed through the Web interface. This provides limited Syslog
server functionality.
Wireshark: Third-party network protocol analyzer (http://www.wireshark.org).
Third-party, Syslog server: Any third-party Syslog server program that enables
filtering of messages according to parameters such as priority, IP sender address,
time, and date.
41.1 Syslog Message Format
The Syslog message is sent from the device to a Syslog server as an ASCII (American
Standard Code for Information Interchange) message. Syslog uses UDP as its underlying
transport layer mechanism. By default, UDP port 514 is assigned to Syslog, but this can be
changed (see 'Configuring Syslog' on page 479).
Below is an example of a Syslog message:
13:10:57.811 : 10.13.4.12 : NOTICE : [S=235][SID:1034099026] (
lgr_flow)(63 ) UdpTransportObject#0- Adding socket event
for address 10.33.2.42:5060 [Time: 04-19-2012@18:29:39]
Syslog Message Format Description
Message Item Description
Message Types
Syslog generates the following types of messages:
ERROR: Indicates that a problem has been identified that
requires immediate handling.
WARNING: Indicates an error that might occur if measures
are not taken to prevent it.
NOTICE: Indicates that an unusual event has occurred.
INFO: Indicates an operational message.
DEBUG: Messages used for debugging.
Notes:
The INFO and DEBUG messages are required only for
advanced debugging. Therefore, by default, they are not
sent by the device.
When viewing Syslog messages in the Web interface,
these message types are color coded.
Message Sequence Number
[S=<number>]
Syslog messages are sequentially numbered in the format
[S=<number>], for example, "[S=643]".
A skip in the number sequence of messages indicates a loss
of message packets. For example, in the below Syslog
message generation, messages 238 through 300 were not
received. In other words, three Syslog messages were lost
To Next Page
Loading...
Need help?
General
