Log events overview
Log events have common elements or properties, but are formatted in a way appropriate for the specific destination, whether recorded to a file or sent as an SNMP trap. The common elements are:
- a time stamp in UTC or local time
- the generating application
- a unique event ID within the application
- a router name identifying the VRF-ID that generated the event
- a subject identifying the affected object
- a short text description
See the associated SNMP notification definition in the SR OS MIBs for more information about the variables found in the message format strings.
The general format for a log event with either a memory, console, or file destination is as follows:
nnnn YYYY/MM/DD HH:MM:SS.SS TZONE <severity>: <application> #<event_id> <router-name>
<subject>
<message>
The following is a log event example:
252 2013/05/07 16:21:00.76 UTC WARNING: SNMP #2005 Base my-interface-abc
"Interface my-interface-abc is operational"
The following table lists the specific elements that compose the general format.
Label | Description |
---|---|
nnnn | The log entry sequence number |
YYYY/MM/DD | The UTC or local date stamp for the log entry |
HH:MM:SS.SS | The UTC time stamp for the event |
TZONE | The timezone (for example, UTC, EDT) as configured by the configure log log-id x time-format command |
<severity> | The severity level of the event |
<application> | The name of the application generating the log message |
<event_id> | The application’s event ID number for the event |
<router> | The router name representing the VRF-ID that generated the event; some examples include: Base, management, and vprn348 |
<subject> | The subject or affected object for the event |
<message> | A text description of the event |
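The following parser for the memory, console, and file format is an added example, not code from the product documentation. It follows the layout of the page's own examples (subject on the header line, quoted message on the following lines); the severity ordering and the EXAMPLEAPP entry in the sample are assumptions made for illustration.

```python
import re
from datetime import datetime

# Header line as laid out in the page's examples; the quoted message follows it.
HEADER = re.compile(
    r"^(?P<seq>\d+) (?P<stamp>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d\d) (?P<tz>\S+) "
    r"(?P<severity>[A-Z]+): (?P<application>\S+) #(?P<event_id>\d+) "
    r"(?P<router>\S+) (?P<subject>.*)$"
)
# Assumed ordering, most severe first; the page only names WARNING, minor and major.
SEVERITY_RANK = {"CRITICAL": 0, "MAJOR": 1, "MINOR": 2, "WARNING": 3}

def parse_events(text):
    """Return one dict per event; banner and separator lines are ignored."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = m.groupdict()
            current["seq"] = int(current["seq"])
            current["event_id"] = int(current["event_id"])
            # TZONE is a configured abbreviation (UTC, EDT, ...), not an offset,
            # so the timestamp is kept naive next to the raw "tz" string.
            current["time"] = datetime.strptime(current.pop("stamp"), "%Y/%m/%d %H:%M:%S.%f")
            current["message"] = ""
            events.append(current)
        elif current is not None and line.strip("=-"):
            # A message can wrap over several lines: join them with single spaces.
            current["message"] = (current["message"] + " " + line).strip()
    for event in events:
        event["message"] = event["message"].strip('"')
    return events

def at_least(events, floor):
    """Keep events at `floor` severity or worse, like the filter on log ID 100."""
    limit = SEVERITY_RANK[floor.upper()]
    return [e for e in events if SEVERITY_RANK.get(e["severity"], 99) <= limit]

# Constructed sample: entry 183 is invented for illustration, entry 182 is the page's own.
SAMPLE = """\
Event Log 99
183 2017/09/12 18:47:02.10 EDT MAJOR: EXAMPLEAPP #9999 Base slot 1
"Constructed major event whose text
wraps onto a second line"
182 2017/09/12 18:46:25.66 EDT WARNING: SNMP #2005 Base xyz
"Interface xyz is operational"
"""
```

Because TZONE is only an abbreviation, correlate these events with other sources in UTC or record the device's configured offset alongside the parsed time.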
The following table lists the sources that trigger an event.
Event source | Description |
---|---|
Security events | Events pertaining to attempts to breach system security |
Change events | Events pertaining to the configuration and operation of the node |
Main events | Events pertaining to applications that are not assigned to other event categories or sources |
Debug events | Events pertaining to trace or other debugging information |
Viewing log events
1. View all the log events.
   show log event-control
   Note:
   - You can use this command and specify an application (for example, subscriber management).
   - When an L precedes an event, it indicates that this event does not generate an SNMP notification.
   - The event severity can be modified whether the event is generated or dropped.
   - The severity of an SNMP trap is assigned by the SNMP manager.
   - By default, all events are throttled at 2000 per second. System throttle or event-specific throttle can be modified.
   - A maximum of 100 log IDs can be configured and filters can be used to specify the application, event ID, event severity, forward or drop the matching event, and so on, by applying those to a set of logs. Each log ID is configured by specifying an event source and the log destination.
   Note: Logs with ID 99 and 100 are default logs directed to memory that contain the main events. The log with ID 100 has a filter applied to match events with severity greater than or equal to major.
   show log event-control
   =======================================================================
   Log Events
   =======================================================================
   Application
    ID#    Event Name                       P   g/s     Logged     Dropped
   -----------------------------------------------------------------------
   APPLICATION_ASSURANCE:
      4401 tmnxBsxIsaAaGrpFailureV2         MA  thr          0           0
      4402 tmnxBsxIsaAaGrpFailureClearV2    WA  thr          0           0
   <snip>
   MOBILE_GATEWAY:
      2001 tmnxMobGwPathMgmtPeerState       WA  thr          0           0
      2002 tmnxMobGwDiameterPeerState       WA  thr          0           0
   L  2003 tmnxMobGwCpmRestartUpdate        WA  thr          0           0
   ... ... ...
   =======================================================================
2. View a specific log event.
   show log log-id log-id
   show log log-id 99
   =============================================================================
   Event Log 99
   =============================================================================
   Description : Default System Log
   Memory Log contents  [size=500   next event=183  (not wrapped)]

   182 2017/09/12 18:46:25.66 EDT WARNING: SNMP #2005 Base xyz
   "Interface xyz is operational"

   181 2017/09/12 18:45:53.97 EDT WARNING: SNMP #2005 Base system
   "Interface system is operational"
3. View the log collector information.
   show log log-collector
   show log log-collector
   =============================================================================
   Log Collectors
   =============================================================================
   Main                Logged   : 191                     Dropped  : 0
     Dest Log Id: 99    Filter Id: 0     Status: enabled    Dest Type: memory
     Dest Log Id: 100   Filter Id: 1001  Status: enabled    Dest Type: memory
     Dest Log Id: 90    Filter Id: 0     Status: enabled    Dest Type: snmp
     Dest Log Id: 20    Filter Id: 100   Status: enabled    Dest Type: file
     Dest Log Id: 5     Filter Id: 0     Status: enabled    Dest Type: syslog

   Security            Logged   : 28                      Dropped  : 0
     Dest Log Id: 90    Filter Id: 0     Status: enabled    Dest Type: snmp
     Dest Log Id: 20    Filter Id: 100   Status: enabled    Dest Type: file
     Dest Log Id: 5     Filter Id: 0     Status: enabled    Dest Type: syslog

   Change              Logged   : 451                     Dropped  : 0
     Dest Log Id: 90    Filter Id: 0     Status: enabled    Dest Type: snmp
     Dest Log Id: 20    Filter Id: 100   Status: enabled    Dest Type: file
     Dest Log Id: 5     Filter Id: 0     Status: enabled    Dest Type: syslog

   Debug               Logged   : 0                       Dropped  : 0

   LI                  Logged   : 65                      Dropped  : 0
   =============================================================================
4. Create and configure filters.
   configure log filter filter-id
Note: The MAG-c also supports log events generated by the 7750 SR OS. See the SR OS documentation for more information about the SNMP notifications from SR OS.
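The check below is an added example, not part of the product documentation: it parses show log log-collector output and reports event sources that drop events or are recorded only in memory. It assumes the output arrives one entry per line; which sources are required and which destination types are acceptable are assumed policy values, and the sample output is constructed.

```python
import re

STREAM = re.compile(r"^(\w+)\s+Logged\s*:\s*(\d+)\s+Dropped\s*:\s*(\d+)")
DEST = re.compile(
    r"Dest Log Id:\s*(\d+)\s+Filter Id:\s*(\d+)\s+Status:\s*(\w+)\s+Dest Type:\s*(\w+)"
)

def parse_collectors(text):
    """Map each event source to its counters and destination logs."""
    streams, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        s, d = STREAM.match(line), DEST.search(line)
        if s:
            name = s.group(1)
            streams[name] = {"logged": int(s.group(2)), "dropped": int(s.group(3)), "dests": []}
        elif d and name:
            streams[name]["dests"].append({
                "log_id": int(d.group(1)), "filter_id": int(d.group(2)),
                "enabled": d.group(3) == "enabled", "type": d.group(4),
            })
    return streams

def audit(streams, required=("Main", "Security", "Change"),
          required_types=("file", "syslog", "snmp")):
    """Return findings for required sources that drop events or only reach memory."""
    findings = []
    for name in required:
        stream = streams.get(name)
        if stream is None:
            findings.append(f"{name}: not present in output")
            continue
        if stream["dropped"]:
            findings.append(f"{name}: {stream['dropped']} events dropped")
        if not any(d["enabled"] and d["type"] in required_types for d in stream["dests"]):
            findings.append(f"{name}: no enabled file, syslog or snmp destination")
    return findings

# Constructed output in the command's layout; counters and destinations are invented.
SAMPLE = """\
Main                Logged   : 191          Dropped  : 0
  Dest Log Id: 99    Filter Id: 0     Status: enabled    Dest Type: memory
  Dest Log Id: 5     Filter Id: 0     Status: enabled    Dest Type: syslog
Security            Logged   : 28           Dropped  : 0
  Dest Log Id: 99    Filter Id: 0     Status: enabled    Dest Type: memory
Change              Logged   : 451          Dropped  : 12
  Dest Log Id: 20    Filter Id: 100   Status: enabled    Dest Type: file
"""
```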
Log event configuration
Configuring SNMP as the log destination
You can specify SNMP as the destination for log events.
The MAG-c supports SNMPv1, SNMPv2, and SNMPv3, with the underlying system based on SNMPv3. SNMPv1 and SNMPv2 are implemented by creating communities based on SNMPv3. Logical objects, for example VPRNs and interfaces, are assigned an index during the boot sequence based on their order in the configuration file. To maintain this index after a reboot, SNMP persistence must be enabled in the BOF. When persistence is enabled and an admin save command is issued, the persistent indexes are stored in an .ndx file, which has the same name as the configuration file.
1. Enable persistent indexes in the BOF.
   bof persist on
2. Save the BOF.
   bof save
3. Configure the SNMP packet size.
   configure system snmp packet-size bytes
   configure system snmp packet-size 9212
4. Enable SNMP.
   configure system snmp no shutdown
5. Configure an SNMP community.
   configure system security snmp community community-string access-permissions version version
   configure system security snmp community test rwa version v2c
6. Save the configuration.
   admin save
7. View the SNMP status.
   show system information
   If the SNMP configuration is successful, the SNMP Index Boot Status field in the output of the command must indicate Persistent.
   # show system information
   =============================================================================
   System Information
   =============================================================================
   System Name            : cses-V20
   System Type            : 7750 SR-12
   Chassis Topology       : Standalone
   System Version         : B-0.0.I2946
   System Contact         :
   System Location        :
   System Coordinates     :
   System Active Slot     : A
   System Up Time         : 64 days, 18:33:04.70 (hr:min:sec)
   Configuration-mode     : classic
   Configuration-oper-mode: classic
   SNMP Port              : 161
   SNMP Engine ID         : 0000197f0000d814ff000000
   SNMP Engine Boots      : 1
   SNMP Max Message Size  : 1500
   SNMP Admin State       : Enabled
   SNMP Oper State        : Enabled
   SNMP Index Boot Status : Persistent
   SNMP Sync State        : N/A
   ... ... ...
   =============================================================================
8. View the SNMP counters used for requests, responses, and traps.
   show snmp counters
   # show snmp counters
   ============================================================================
   SNMP counters:
   ============================================================================
   in packets : 107
   ----------------------------------------------------------------------------
   in gets     : 46
   in getnexts : 0
   in getbulks : 0
   in sets     : 61
   out packets: 107
   ----------------------------------------------------------------------------
   out get responses : 107
   out traps         : 0
   variables requested: 24
   variables set      : 84
   ----------------------------------------------------------------------------
   Failed requests due to lock being taken by netconf
   failed sets : 0
   ============================================================================
Configuring an SNMP trap destination
An SNMP trap destination is a log with SNMP set as the destination.
- log ID 90
- target name set to “manager”
- IP address 192.0.2.2
- SNMP version SNMPv2
- community name set to “community”
1. Create an SNMP trap group.
   configure log snmp-trap-group log-id
   configure log snmp-trap-group 90
2. Configure the SNMP trap group.
   snmp-trap-group log-id trap-target name address ip-address [snmpv1|snmpv2|snmpv3] notify-community communityName|snmpv3SecurityName
   snmp-trap-group 90 trap-target "manager" address 192.0.2.255 snmpv2c notify-community community
3. Create a log ID.
   configure log log-id
   Use the log ID configured for the SNMP trap group in step 1.
   configure log 90
4. Configure the log ID.
   log-id log-id to snmp size
   Specify SNMP as the destination and the number of events.
   log-id 90 to snmp 3000
5. View the configured SNMP trap destination.
   show log snmp-trap-group log-id
   # show log snmp-trap-group 90
   ==========================================================================
   SNMP Trap Groups
   ==========================================================================
   id     name           port   address
   --------------------------------------------------------------------------
   90     manager        162    192.0.2.255
   ==========================================================================
Note: By default, Nokia NSP NFM-P uses log ID 98.
Configuring a file as the log destination
You can specify a file as the log destination.
- The log ID (log-id)
- The file ID (log-file-id)
- file ID 10
- storage location CF1:
- rollover of records 1440 minutes and retention 168 hours
- linked to log ID 20, which receives event logs from the main, security, and change source streams (see Log event sources)
- log ID 20 directed to file ID 10
1. Create a log file.
   configure log file-id log-file-id
   configure log file-id 10
2. Configure the storage location of the log file.
   configure log file-id log-file-id location
   configure log file-id 10 location cf1:
3. Configure the rollover and retention duration of the log file.
   configure log file-id log-file-id rollover minutes [retention] hours
   configure log file-id 10 rollover 1440 retention 168
4. Create a log ID.
   configure log log-id
   configure log 20
5. Configure the source streams for the log ID.
   configure log log-id from
   configure log 20 from main security change
6. Configure the destination type of the log.
   configure log log-id to file log-file-id
   configure log 20 to file 10
Configuring a syslog as the log destination
You can specify a syslog as the log destination.
- syslog ID 5
- syslog host address 10.10.1.1
- linked to log ID 5, which receives event logs from the main, security, and change source streams (see Log event sources)
1. Create a syslog.
   configure log syslog syslog-id
   configure log syslog 5
2. Configure the address of the syslog host.
   configure log syslog syslog-id address ip-address
   configure log syslog 5 address 10.10.1.1
3. Create a log ID.
   configure log log-id
   configure log 5
4. Configure the source streams for the log ID.
   configure log log-id from
   configure log 5 from main security change
5. Configure the destination type of the log ID.
   configure log log-id to syslog syslog-id
   configure log 5 to syslog 5
Debugging an application
You can debug an application using a log with the debug trace specified as the event source. Although you can debug an application in the current session window, using a log as the destination is more useful for reviewing the log.
- file ID 10
- storage location CF2:
- linked to log ID 30, which receives event logs from the debug trace (see Log event sources)
- log ID 30 directed to file ID 10
1. Create a log file.
   configure log file-id log-file-id
   configure log file-id 10
2. Configure the storage location of the log file.
   configure log file-id log-file-id location
   configure log file-id 10 location cf2:
3. Create a log ID.
   configure log log-id
   configure log 30
4. Configure the source stream for the log ID.
   configure log log-id from
   configure log 30 from debug-trace
5. Configure the destination type of the log.
   configure log log-id to file log-file-id
   configure log 30 to file 10
Sample log event
In this guide, each log event is described in a separate table.
The following table contains a sample log event entry for the cli_config_io log event.
Property name | Value |
---|---|
Application name | USER |
Event ID | 2011 |
Event name | cli_config_io |
SNMP notification prefix and OID | N/A |
Default severity | minor |
Message format string | User from $srcAddr$: $prompt$ $message$ |
Cause | A CLI command was entered in a configuration node |
Effect | The configuration was changed by the CLI command |
Recovery | No recovery is required |
The table title for a log event entry is the event name. Each entry contains the information described in the following table.
Label | Description |
---|---|
Application name | The name of the application generating the log message |
Event ID | The application event ID number for the event |
Event name | The name of the event |
SNMP notification prefix and OID | The prefix and OID of the SNMP notification associated with the log event |
Default severity | The default severity level of the event |
Message format string | A text description of the event |
Cause | The cause of the event |
Effect | The effect of the event |
Recovery | How to recover from this event, if necessary |
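The following added example, which is not part of the product documentation, compiles a message format string such as the one in the cli_config_io table into a regular expression and uses the extracted $srcAddr$ to report configuration changes entered from outside an allowed management network. The sample messages, prompts, and the allowed network are constructed, and the split between $prompt$ and $message$ assumes the prompt contains no spaces.

```python
import ipaddress
import re

def compile_format(fmt):
    """Compile a message format string into a regex with one named group per $var$."""
    parts = re.split(r"\$(\w+)\$", fmt)      # literals at even indexes, names at odd
    pattern = ""
    for i, part in enumerate(parts):
        if i % 2 == 0:
            pattern += re.escape(part)
        elif i == len(parts) - 2 and parts[-1] == "":
            pattern += f"(?P<{part}>.+)"      # trailing variable takes the rest
        else:
            pattern += f"(?P<{part}>.+?)"     # stop at the next literal
    return re.compile(pattern, re.DOTALL)

def changes_from_unexpected_sources(messages, fmt, allowed_networks):
    """Return (srcAddr, message) for matches whose source is outside the allowed networks."""
    rx = compile_format(fmt)
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    hits = []
    for text in messages:
        m = rx.fullmatch(text)
        if m is None:
            continue                          # some other event's message
        try:
            inside = any(ipaddress.ip_address(m["srcAddr"]) in n for n in nets)
        except ValueError:
            inside = False                    # not an IP literal: report it
        if not inside:
            hits.append((m["srcAddr"], m["message"]))
    return hits

FORMAT = "User from $srcAddr$: $prompt$ $message$"   # from the cli_config_io table
# Constructed messages; prompts and addresses are invented for illustration.
MESSAGES = [
    "User from 192.0.2.10: A:node-1>config>log# file-id 10",
    "User from 198.51.100.7: A:node-1>config>log# snmp-trap-group 90",
    "Interface xyz is operational",
]
```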