Syslog Components and Their Use
Fixed Switch Configuration Guide 14-5
Basic Syslog Scenario
Figure 14-1 shows a basic scenario of how Syslog components operate on an Enterasys switch. By
default, all applications running on the Enterasys switch are allowed to forward Syslog messages
generated at severity levels 6 through 1. In the configuration shown, these default settings have
not been changed.
Figure 14-1 Basic System Scenario
Default application settings in the example in Figure 14-1 have not been modified. Therefore, an
emergency message triggered by a system reset due to loss of the master module is forwarded to
Syslog destinations. The CLI-related message notifying that a user has logged in remotely is also
forwarded. Configured Syslog server(s) will receive all forwarded messages since their default
severity threshold is at 8 (accepting messages at all severity levels).
Any messages generated by applications at severity levels 7 and 8 are not forwarded in this
example. For instance, forwarding does not occur for an AAA authentication-related debugging
message with information about RADIUS access level processing for a particular user. If at some
point in time it becomes necessary, for example, to log all AAA authentication-related message
activity and to save it to a file so authentication details can be tracked, the administrator can allow
that specific application to forward debugging messages to a Syslog server, as well as to the
console and persistent file storage.
Event A:
Loss of
master module
Event B:
Admin user
telnets into
switch
Event C:
RADIUS
processing
user access
level
Application:
CLI
Severity
6
Notification
Application:
SYSTEM
Severity
1
Emergency
Application:
AAA
Severity
8
Debugging
Logging enabled
for this priority?
Generate
Syslog
Server List
Generate
Syslog
Server List
YES
YES
NO
Events cause
Syslog
messages
Logging enabled
for this priority?
Logging enabled
for this priority?
Syslog
Applications
Component
Loop Through
Syslog Server
List
Server priority
threshold met?
I
n
s
e
r
t
S
y
s
l
o
g
F
a
c
i
l
i
t
y
V
a
l
u
e
YES
Send Syslog
Message
Syslog Server
Component
SYSTEM: Resetting for loss of master module
CLI: User:admin logged in from 121.20.142.190(telnet)
To Next Page
Loading...
Need help?
General