Interpreting Messages
14-6 Configuring Syslog
For more information on how to configure these basic settings, refer to “Syslog Command
Precedence” on page 14-8, and the “Configuration Examples” on page 14-12.
Interpreting Messages
Every system message generated by the Enterasys switch platforms follows the same basic format:
<facility/severity> time stamp address application [unit] message text
Example
This example shows Syslog informational messages, displayed with the show logging buffer
command. It indicates that messages were generated by facility code 16 (local4) at severity level 5
from the CLI application on IP address 10.42.71.13.
Switch1(rw)->show logging buffer
<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet)
<165>Sep 4 07:43:24 10.42.71.13 CLI[5]User: debug failed login from 10.4.1.100 (telnet)
Table 14-2 describes the components of these messages.
About Security Audit Logging
Security audit logging provides a mechanism to generate a separate and secure log file, in
addition to the previously existing unsecured log file (“current.log”).
The secure permanent log file, named “secure.log,” records security-related events occurring on
the switch. The secure log file contains 1000 256-byte log entries and is managed as a circular list.
Up to 10 files are allowed in the secure directory, with a total size of 512 KB.
The “secure.log” file is stored in the secure/logs directory, which is only visible to and accessible
by super user accounts. Super users can create, edit, and delete files in the secure directory, and
can copy files to and from the secure directory.
Table 14-2 Syslog Message Components

Component          Description                                          Example Code
-----------------  ---------------------------------------------------  ---------------------------
Facility/Severity  Combined code indicating the facility generating     <165> = Numerical code
                   the message and the severity level used to           indicating a message from
                   determine message priority. Facility codes 16 -      facility local4 at severity
                   23 are Syslog designations for local0 - local7,      5.
                   the Enterasys supported designations for local
                   use. For a complete list of facility codes, refer
                   to RFC 3164.
Time stamp         Month, date, and time the Syslog message appeared.   Sep 4 07:43:09
Address            IP address of the client originating the Syslog      10.42.71.13
                   message.
Application        Client process generating the Syslog message.        CLI
Unit               Location of the device generating the Syslog         [5] = unit 5 in stack
                   message.
Message text       Brief description of error condition.                User: debug failed login
                                                                        from 10.4.1.100 (telnet)
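
The following Python sketch is an added example, not code from the Enterasys documentation: it splits a logging buffer line into the components listed in Table 14-2, decodes the combined facility/severity code with the RFC 3164 rule (code = facility x 8 + severity), and picks out failed-login messages for review. The function names and the regular expression are assumptions derived from the two sample messages shown on this page.

```python
import re

# Assumed layout, taken from the sample lines: <code>time stamp address application[unit]text
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<address>\S+) "
    r"(?P<application>[^\[\s]+)\[(?P<unit>\d+)\]"
    r"(?P<text>.*)$"
)

def decode_pri(pri):
    """Split the combined code: code = facility * 8 + severity (RFC 3164)."""
    facility, severity = divmod(pri, 8)
    name = f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)
    return name, severity

def parse_line(line):
    """Return the message components as a dict, or None for a malformed line."""
    m = LINE_RE.match(line.strip())
    if m is None or int(m["pri"]) > 191:   # 191 = facility 23, severity 7
        return None
    rec = m.groupdict()
    rec["facility"], rec["severity"] = decode_pri(int(rec.pop("pri")))
    rec["unit"] = int(rec["unit"])
    rec["text"] = rec["text"].strip()
    return rec

def failed_logins(lines):
    """Yield (device address, source address) for each failed-login message."""
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hit = re.search(r"failed login from (\S+)", rec["text"])
        if hit:
            yield rec["address"], hit.group(1)

# The two messages from the show logging buffer example, each on one line.
SAMPLE = [
    "<165>Sep 4 07:43:09 10.42.71.13 CLI[5]User:rw logged in from 10.2.1.122 (telnet)",
    "<165>Sep 4 07:43:24 10.42.71.13 CLI[5]User: debug failed login from 10.4.1.100 (telnet)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_line(entry))
    print(list(failed_logins(SAMPLE)))
```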