Log events overview

Log events have common elements or properties but are formatted in a way appropriate for the specific destination whether recorded to a file or sent as an SNMP trap.

Logs can be directed to memory, a console, a session, a local file, a syslog server, or an SNMP manager. All application-generated events have the following properties:

a time stamp in UTC or local time
the generating application
a unique event ID within the application
a router name identifying the VRF-ID that generated the event
a subject identifying the affected object
a short text description

See the associated SNMP notification definition in the SR OS MIBs for more information about the variables found in the message format strings.

The general format for a log event with either a memory, console, or file destination is as follows:

nnnn YYYY/MM/DD HH:MM:SS.SS TZONE <severity>: <application> #<event_id> <router-name>
  <subject>
<message>

The following is a log event example:

252 2013/05/07 16:21:00.76 UTC WARNING: SNMP #2005 Base my-interface-abc
"Interface my-interface-abc is operational"

The following table lists the specific elements that compose the general format.

Table 1. Log entry field descriptions
Label	Description
nnnn	The log entry sequence number
YYYY/MM/DD	The UTC or local date stamp for the log entry `YYYY` Year `MM` Month `DD` Date
HH:MM:SS.SS	The UTC time stamp for the event `HH` Hours (24 hour format) `MM` Minutes `SS.SS` Seconds
TZONE	The timezone (for example, UTC, EDT) as configured by the configure log log-id `x` time-format command
<severity>	The severity level of the event CRITICAL MAJOR MINOR WARNING INFO CLEARED
<application>	The name of the application generating the log message
<event_id>	The application’s event ID number for the event
<router>	The router name representing the VRF-ID that generated the event; some examples include: Base, management, and vprn348
<subject>	The subject or affected object for the event
<message>	A text description of the event

The following table lists the sources that trigger an event.

Table 2. Log event sources
Event source	Description
Security events	Events pertaining to attempts to breach system security
Change events	Events pertaining to the configuration and operation of the node
Main events	Events pertaining to applications that are not assigned to other event categories or sources
Debug events	Events pertaining to trace or other debugging information

Viewing log events

View all the log events.
```
show log event-control
```
Note:
- You can use this command and specify an application (for example, subscriber management).
- When an L precedes an event, it indicates that this event does not generate an SNMP notification.
- The event severity can be modified whether the event is generated or dropped.
- The severity of an SNMP trap is assigned by the SNMP manager.
- By default, all events are throttled at 2000 per second. System throttle or event-specific throttle can be modified.
- A maximum of 100 log IDs can be configured and filters can be used to specify the application, event ID, event severity, forward or drop the matching event, and so on, by applying those to a set of logs. Each log ID is configured by specifying an event source and the log destination.
Note: Logs with ID 99 and 100 are default logs directed to memory that contain the main events. The log with ID 100 has a filter applied to match events with severity greater than or equal to major.
```
show log event-control
=======================================================================
Log Events
=======================================================================
Application
 ID#    Event Name                        P    g/s    Logged    Dropped
-----------------------------------------------------------------------
APPLICATION_ASSURANCE:
   4401 tmnxBsxIsaAaGrpFailureV2          MA   thr         0          0
   4402 tmnxBsxIsaAaGrpFailureClearV2     WA   thr         0          0
<snip>
MOBILE_GATEWAY:
   2001 tmnxMobGwPathMgmtPeerState        WA   thr         0          0
   2002 tmnxMobGwDiameterPeerState        WA   thr         0          0
L  2003 tmnxMobGwCpmRestartUpdate         WA   thr         0          0
...
...
...
=======================================================================
```

View a specific log event.

show log log-id log-id

show log log-id 99
=============================================================================
Event Log 99
=============================================================================
Description : Default System Log
Memory Log contents [size=500 next event=183 (not wrapped)]
182 2017/09/12 18:46:25.66 EDT WARNING: SNMP #2005 Base xyz
"Interface xyz is operational"
181 2017/09/12 18:45:53.97 EDT WARNING: SNMP #2005 Base system
"Interface system is operational"

View the log collector information.

show log log-collector

show log log-collector
=============================================================================
Log Collectors
=============================================================================
Main                 Logged : 191                        Dropped : 0
  Dest Log Id: 99    Filter Id: 0       Status: enabled    Dest Type: memory
  Dest Log Id: 100   Filter Id: 1001    Status: enabled    Dest Type: memory
  Dest Log Id: 90    Filter Id: 0       Status: enabled    Dest Type: snmp
  Dest Log Id: 20    Filter Id: 100     Status: enabled    Dest Type: file
  Dest Log Id: 5     Filter Id: 0       Status: enabled    Dest Type: syslog
Security            Logged : 28 Dropped : 0
  Dest Log Id: 90    Filter Id: 0       Status: enabled    Dest Type: snmp
  Dest Log Id: 20    Filter Id: 100     Status: enabled    Dest Type: file
  Dest Log Id: 5     Filter Id: 0       Status: enabled    Dest Type: syslog
Change              Logged : 451 Dropped : 0
  Dest Log Id: 90    Filter Id: 0       Status: enabled    Dest Type: snmp
  Dest Log Id: 20    Filter Id: 100     Status: enabled    Dest Type: file
  Dest Log Id: 5     Filter Id: 0       Status: enabled    Dest Type: syslog
Debug               Logged : 0 Dropped : 0
LI                  Logged : 65 Dropped : 0
=============================================================================

Create and configure filters.
```
configure log filter filter-id
```
Note: The MAG-c also supports log events generated by the 7750 SR OS. See the SR OS documentation for more information about the SNMP notifications from SR OS.

Log event configuration

Configuring SNMP as the log destination

You can specify SNMP as the destination for log events.

The MAG-c supports SNMPv1, SNMPv2, and SNMPv3 with the underlying system being based on SNMPv3. SNMPv1 and SNMPv2 are implemented by creating communities based on SNMPv3. Logical objects, for example VPRNs and interfaces, are assigned an index during the boot sequence based on their order in the configuration file. To maintain this index after a reboot, SNMP persistence must be enabled in the BOF. When enabled, and an admin save command is issued, the persistent indexes are stored in an .ndx file, which has the same name as the configuration file.

Enable persistent indexes in the BOF.
```
bof persist on
```
Save the BOF.
```
bof save
```

Configure the SNMP packet size.

configure system snmp packet-size bytes

configure system snmp packet-size 9212

Enable SNMP.
```
configure system snmp no shutdown
```

Configure an SNMP community.

configure system security snmp community community-string access-permissions version version

configure system security snmp community test rwa version v2c

Save the configuration.
```
admin save
```

View the SNMP status.

show system information

If the SNMP configuration is successful, the SNMP Index Boot Status field in the output of the command must indicate Persistent.

# show system information
=============================================================================
System Information
=============================================================================
System Name            : cses-V20
System Type            : 7750 SR-12
Chassis Topology       : Standalone
System Version         : B-0.0.I2946
System Contact         :
System Location        :
System Coordinates     :
System Active Slot     : A
System Up Time         : 64 days, 18:33:04.70 (hr:min:sec)
Configuration-mode     : classic
Configuration-oper-mode: classic
SNMP Port              : 161
SNMP Engine ID         : 0000197f0000d814ff000000
SNMP Engine Boots      : 1
SNMP Max Message Size  : 1500
SNMP Admin State       : Enabled
SNMP Oper State        : Enabled
SNMP Index Boot Status : Persistent
SNMP Sync State        : N/A
...
...
...
=============================================================================

View the SNMP counters used for requests, responses, and traps.

show snmp counters

# show snmp counters
============================================================================
SNMP counters:
============================================================================
  in packets : 107
----------------------------------------------------------------------------
    in gets : 46
    in getnexts : 0
    in getbulks : 0
    in sets : 61
  out packets: 107
----------------------------------------------------------------------------
    out get responses : 107
    out traps : 0
  variables requested: 24
  variables set : 84
----------------------------------------------------------------------------
  Failed requests due to lock being taken by netconf
    failed sets : 0
============================================================================

Configuring an SNMP trap destination

An SNMP trap destination is a log with SNMP set as the destination.

In this example, the SNMP trap is configured as follows:

log ID 90
target name set to “manager”
IP address 192.0.2.2
SNMP version SNMPv2
community name set to “community”

Create an SNMP trap group.

configure log snmp-trap-group log-id

configure log snmp-trap-group 90

Configure the SNMP trap group.

snmp-trap-group log-id trap-target name address ip-address [snmpv1|snmpv2|snmpv3] notify-community communityName|snmpv3SecurityName

snmp-trap-group 90 trap-target “manager" address 192.0.2.255 snmpv2c notify-community community

Create a log ID.
```
configure log log-id
```
Use the log ID configured for the SNMP trap group in step 1.
```
configure log 90
```
Configure the log ID.
```
log-id log-id to snmp size
```
Specify SNMP as the destination and the number of events.
```
log-id 90 to snmp 3000
```

View the configured SNMP trap destination.

show log snmp-trap-group log-id

# show log snmp-trap-group 90
==========================================================================
SNMP Trap Groups
==========================================================================
id        name
  port      address
--------------------------------------------------------------------------
90        manager
  162       192.0.2.255
==========================================================================

Note: By default, Nokia NSP NFM-P uses log ID 98.

Configuring a file as the log destination

You can specify a file as the log destination.

The filename follows the format logeeff-timestamp, where:

ee: The log ID (log-id)
ff: The file ID (log-file-id)

In this example, the destination file is configured as follows:

file ID 10
storage location CF1:
rollover of records 1440 minutes and retention 168 hours
linked to log ID 20, which receives event logs from the main, security, and changed source streams (see Log event sources)
log ID 20 directed to file ID 10

Create a log file.

configure log file-id log-file-id

configure log file-id 10

Configure the storage location of the log file.

configure log file-id log-file-id location

configure log file-id 10 location cf1:

Configure the rollover and retention duration of the log file.

configure log file-id log-file-id rollover minutes [retention] hours

configure log file-id 10 rollover 1440 retention 168

Create a log ID.
```
configure log log-id
```
```
configure log 20
```

Configure the source streams for the log ID.

configure log log-id from

configure log 20 from main security change

Configure the destination type of the log.

configure log log-id to file log-file-id

configure log 20 to file 10

Configuring a syslog as the log destination

You can specify a syslog as the log destination.

In this example, the syslog is configured as follows:

syslog ID 5
syslog host address 10.10.1.1
linked to log ID 5, which receives event logs from the main, security, and changed source streams (see Log event sources)

Create a syslog.

configure log syslog syslog-id

configure log syslog 5

Configure the storage location of the syslog.

configure log syslog syslog-id address ip-address

configure log syslog 5 address 10.10.1.1

Create a log ID.
```
configure log log-id
```
```
configure log 5
```

Configure the source streams for the log ID.

configure log log-id from

configure log 5 from main security change

Configure the destination type of the log ID.

configure log log-id to syslog syslog-id

configure log 5 to syslog 5

Debugging an application

You can debug an application using a log with the debug trace specified as the event source. Although you can debug an application in the current session window, using a log as the destination is more useful for reviewing the log.

Note: The steps in this section only describe the procedure for configuring a log file that stores the output of debug commands. See the MAG-c Control Plane Function Guide for more information about how to enable and use the call-insight and PDN debug commands, .

In this example, application debugging is configured as follows:

file ID 10
storage location CF2:
linked to log ID 30, which receives event logs from the debug trace (see Log event sources)
log ID 30 directed to file ID 10

Caution: Debug commands must be used with caution. Nokia recommends disabling debugging after any debug operation has been finished. The no debug command disables all the enabled debug commands.

Create a log file.

configure log file-id log-file-id

configure log file-id 10

Configure the storage location of the log file.

configure log file-id log-file-id location

configure log file-id 10 location cf2:

Create a log ID.
```
configure log log-id
```
```
configure log 30
```

Configure the source stream for the log ID.

configure log log-id from

configure log 30 from debug-trace

Configure the destination type of the log.

configure log log-id to file log-file-id

configure log 30 to file 10

Sample log event

In this guide, each log event is described in a separate table.

The following table contains a sample log event entry for the cli_config_io log event.

Table 3. Properties of the cli_config_io log event
Property name	Value
Application name	USER
Event ID	2011
Event name	cli_config_io
SNMP notification prefix and OID	N/A
Default severity	minor
Message format string	User from $srcAddr$: $prompt$ $message$
Cause	A CLI command was entered in a configuration node
Effect	The configuration was changed by the CLI command
Recovery	No recovery is required

The table title for a log event entry is the event name. Each entry contains the information described in the following table.

Table 4. Log entry field descriptions
Label	Description
Application name	The name of the application generating the log message
Event ID	The application event ID number for the event
Event name	The name of the event
SNMP notification prefix and OID	The prefix and OID of the SNMP notification associated with the log event
Default severity	The default severity level of the event CRITICAL MAJOR MINOR WARNING INFO CLEARED
Message format string	A text description of the event
Cause	The cause of the event
Effect	The effect of the event
Recovery	How to recover from this event, if necessary

Log events overview

Viewing log events

Log event configuration

Configuring SNMP as the log destination

Configuring an SNMP trap destination

Configuring a file as the log destination

Configuring a syslog as the log destination

Debugging an application

Sample log event

For consumers

For business

Innovation

About us

Contact and support