Configuring Syslog
By default, Syslog is operational on Enterasys switch devices at startup. All generated messages
are eligible for logging to local destinations and to remote servers configured as Syslog servers.
Using simple CLI commands, you can adjust device defaults to configure the following:
• Message sources—which system applications on which modules should log messages?
• Message destinations—will messages be sent to the local console, the local file system, or to
remote Syslog servers? Which facility (functional process) will be allowed to send to each
destination?
Syslog Operation
Developers of various operating systems, processes, and applications determine the circumstances
that will generate system messages and write those specifications into their programs. Messages
can be generated to report status, either at set times or at other points, such as the invocation
or exit of a program. Messages can also be generated when a set of conditions is met. Typically,
developers classify these messages into one of several broad categories, generally consisting of
the facility that generated them, along with an indication of the severity of the message. This
allows system administrators to filter the messages selectively, so that the more important and
time-sensitive notifications are presented quickly, while status or informative messages can be
placed in a file for later review.
Switches must be configured with rules for displaying and/or forwarding event messages
generated by their applications. In addition, Syslog servers need to be configured with
appropriate rules to collect messages so they can be stored for future reference.
Syslog Operation on Enterasys Devices
The Syslog implementation on Enterasys devices uses a series of system logging messages to track
device activity and status. These messages inform users about simple changes in operational
status or warn of more severe issues that may affect system operations. Logging can be configured
to display messages at a variety of different severity levels about application-related error
conditions occurring on the device.
You can decide to have all messages stored locally, as well as to have all messages of a high
severity forwarded to another device. You can also have messages from a particular facility sent to
some or all of the users of the device, and displayed on the system console. For example, you may
want all messages that are generated by the mail facility to be forwarded to one particular Syslog
server. However you decide to configure the disposition of the event messages, the process of
having them sent to a Syslog collector generally consists of:
• Determining which messages at which severity levels will be forwarded.
• Defining one or more remote receivers (Syslog servers/console displays).
Filtering by Severity and Facility
Syslog daemons determine message priority by filtering them based on a combined facility and
severity code. Severity indicates the seriousness of the error condition generating the Syslog
message. This is a value from 1 to 8, with 1 indicating highest severity. Facility categorizes which
functional process is generating an error message. The Enterasys implementation uses the eight
facility designations reserved for local use: local0 – local7 defined in RFC 3164. You can modify
these default facility and severity values to control message receipt and aid in message sorting on
target servers.
For example, you can configure all router messages to go to Server 1 using facility local1, while all
SNMP messages go to Server 1 using facility local2.
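The combined facility and severity code described above, decoded the way a collector would before sorting messages by facility. This is an added example, not code from the Enterasys documentation. It assumes the RFC 3164 `<PRI>` encoding and that the 1 to 8 severity scale above is the wire value plus one. The sample messages are constructed.

```python
import re
from collections import defaultdict

# RFC 3164 severity names, indexed by the 0-7 code carried on the wire.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"<(\d{1,3})>")
MAX_PRI = 23 * 8 + 7  # highest facility (local7) with lowest severity (debug)

def decode_pri(line):
    """Split the leading <PRI> field into (facility code, severity code)."""
    m = PRI_RE.match(line)
    if m is None or int(m.group(1)) > MAX_PRI:
        raise ValueError("missing or out-of-range PRI")
    return divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity

def facility_name(code):
    """Codes 16-23 are the local-use facilities local0-local7."""
    return f"local{code - 16}" if 16 <= code <= 23 else f"facility{code}"

def switch_level(severity):
    # Assumption: the 1-8 scale described above is the wire value plus one.
    return severity + 1

def triage(lines, max_level=4):
    """Sort messages by facility; collect urgent ones and reject malformed input."""
    by_facility, urgent, rejected = defaultdict(list), [], []
    for line in lines:
        try:
            fac, sev = decode_pri(line)
        except ValueError:
            rejected.append(line)
            continue
        by_facility[facility_name(fac)].append(line)
        if switch_level(sev) <= max_level:
            urgent.append((facility_name(fac), SEVERITIES[sev], line))
    return dict(by_facility), urgent, rejected

# Constructed sample input: hostnames, tags and text are illustrative only.
SAMPLE = [
    "<137>Jan 12 06:30:00 switch1 Router[1]: constructed alert message",
    "<150>Jan 12 06:30:05 switch1 SNMP[1]: constructed informational message",
    "<999>Jan 12 06:30:09 switch1 bogus priority value",
    "Jan 12 06:30:11 switch1 no priority field at all",
]

if __name__ == "__main__":
    groups, urgent, rejected = triage(SAMPLE)
    print(sorted(groups), urgent, len(rejected))
```

Rejecting lines with a missing or out-of-range priority keeps malformed input out of the per-facility files instead of letting it default into one of them.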