Log events overview

Log events have common elements or properties but are formatted in a way appropriate for the specific destination whether recorded to a file or sent as an SNMP trap.

Logs can be directed to memory, a console, a session, a local file, a syslog server, or an SNMP manager. All application-generated events have the following properties:
  • a time stamp in UTC or local time
  • the generating application
  • a unique event ID within the application
  • a router name identifying the VRF-ID that generated the event
  • a subject identifying the affected object
  • a short text description

See the associated SNMP notification definition in the SR OS MIBs for more information about the variables found in the message format strings.

The general format for a log event with either a memory, console, or file destination is as follows:

nnnn YYYY/MM/DD HH:MM:SS.SS TZONE <severity>: <application> #<event_id> <router-name>
  <subject>
<message>

The following is a log event example:

252 2013/05/07 16:21:00.76 UTC WARNING: SNMP #2005 Base my-interface-abc
"Interface my-interface-abc is operational"

The following table lists the specific elements that compose the general format.

Table 1. Log entry field descriptions
Label Description
nnnn The log entry sequence number
YYYY/MM/DD The UTC or local date stamp for the log entry
YYYY
Year
MM
Month
DD
Date
HH:MM:SS.SS The UTC time stamp for the event
HH
Hours (24 hour format)
MM
Minutes
SS.SS
Seconds
TZONE The timezone (for example, UTC, EDT) as configured by the configure log log-id x time-format command
<severity> The severity level of the event
  • CRITICAL
  • MAJOR
  • MINOR
  • WARNING
  • INFO
  • CLEARED
<application> The name of the application generating the log message
<event_id> The application’s event ID number for the event
<router> The router name representing the VRF-ID that generated the event; some examples include: Base, management, and vprn348
<subject> The subject or affected object for the event
<message> A text description of the event

The following table lists the sources that trigger an event.

Table 2. Log event sources
Event source Description
Security events Events pertaining to attempts to breach system security
Change events Events pertaining to the configuration and operation of the node
Main events Events pertaining to applications that are not assigned to other event categories or sources
Debug events Events pertaining to trace or other debugging information

Viewing log events

  • View all the log events.
    show log event-control
    Note:
    • You can use this command and specify an application (for example, subscriber management).
    • When an L precedes an event, it indicates that this event does not generate an SNMP notification.
    • The event severity can be modified whether the event is generated or dropped.
    • The severity of an SNMP trap is assigned by the SNMP manager.
    • By default, all events are throttled at 2000 per second. System throttle or event-specific throttle can be modified.
    • A maximum of 100 log IDs can be configured and filters can be used to specify the application, event ID, event severity, forward or drop the matching event, and so on, by applying those to a set of logs. Each log ID is configured by specifying an event source and the log destination.
    Note: Logs with ID 99 and 100 are default logs directed to memory that contain the main events. The log with ID 100 has a filter applied to match events with severity greater than or equal to major.
    show log event-control
    =======================================================================
    Log Events
    =======================================================================
    Application
     ID#    Event Name                        P    g/s    Logged    Dropped
    -----------------------------------------------------------------------
    APPLICATION_ASSURANCE:
       4401 tmnxBsxIsaAaGrpFailureV2          MA   thr         0          0
       4402 tmnxBsxIsaAaGrpFailureClearV2     WA   thr         0          0
    <snip>
    MOBILE_GATEWAY:
       2001 tmnxMobGwPathMgmtPeerState        WA   thr         0          0
       2002 tmnxMobGwDiameterPeerState        WA   thr         0          0
    L  2003 tmnxMobGwCpmRestartUpdate         WA   thr         0          0
    ...
    ...
    ...
    =======================================================================
  • View a specific log event.
    show log log-id log-id
    show log log-id 99
    =============================================================================
    Event Log 99
    =============================================================================
    Description : Default System Log
    Memory Log contents [size=500 next event=183 (not wrapped)]
    182 2017/09/12 18:46:25.66 EDT WARNING: SNMP #2005 Base xyz
    "Interface xyz is operational"
    181 2017/09/12 18:45:53.97 EDT WARNING: SNMP #2005 Base system
    "Interface system is operational"
  • View the log collector information.
    show log log-collector
    show log log-collector
    =============================================================================
    Log Collectors
    =============================================================================
    Main                 Logged : 191                        Dropped : 0
      Dest Log Id: 99    Filter Id: 0       Status: enabled    Dest Type: memory
      Dest Log Id: 100   Filter Id: 1001    Status: enabled    Dest Type: memory
      Dest Log Id: 90    Filter Id: 0       Status: enabled    Dest Type: snmp
      Dest Log Id: 20    Filter Id: 100     Status: enabled    Dest Type: file
      Dest Log Id: 5     Filter Id: 0       Status: enabled    Dest Type: syslog
    Security            Logged : 28 Dropped : 0
      Dest Log Id: 90    Filter Id: 0       Status: enabled    Dest Type: snmp
      Dest Log Id: 20    Filter Id: 100     Status: enabled    Dest Type: file
      Dest Log Id: 5     Filter Id: 0       Status: enabled    Dest Type: syslog
    Change              Logged : 451 Dropped : 0
      Dest Log Id: 90    Filter Id: 0       Status: enabled    Dest Type: snmp
      Dest Log Id: 20    Filter Id: 100     Status: enabled    Dest Type: file
      Dest Log Id: 5     Filter Id: 0       Status: enabled    Dest Type: syslog
    Debug               Logged : 0 Dropped : 0
    LI                  Logged : 65 Dropped : 0
    =============================================================================
  • Create and configure filters.
    configure log filter filter-id
    Note: The MAG-c also supports log events generated by the 7750 SR OS. See the SR OS documentation for more information about the SNMP notifications from SR OS.

Log event configuration

Configuring SNMP as the log destination

You can specify SNMP as the destination for log events.

The MAG-c supports SNMPv1, SNMPv2, and SNMPv3 with the underlying system being based on SNMPv3. SNMPv1 and SNMPv2 are implemented by creating communities based on SNMPv3. Logical objects, for example VPRNs and interfaces, are assigned an index during the boot sequence based on their order in the configuration file. To maintain this index after a reboot, SNMP persistence must be enabled in the BOF. When enabled, and an admin save command is issued, the persistent indexes are stored in an .ndx file, which has the same name as the configuration file.

  1. Enable persistent indexes in the BOF.
    bof persist on
  2. Save the BOF.
    bof save
  3. Configure the SNMP packet size.
    configure system snmp packet-size bytes
    configure system snmp packet-size 9212
  4. Enable SNMP.
    configure system snmp no shutdown
  5. Configure an SNMP community.
    configure system security snmp community community-string access-permissions version version
    configure system security snmp community test rwa version v2c
  6. Save the configuration.
    admin save
  7. View the SNMP status.
    show system information

    If the SNMP configuration is successful, the SNMP Index Boot Status field in the output of the command must indicate Persistent.

    # show system information
    =============================================================================
    System Information
    =============================================================================
    System Name            : cses-V20
    System Type            : 7750 SR-12
    Chassis Topology       : Standalone
    System Version         : B-0.0.I2946
    System Contact         :
    System Location        :
    System Coordinates     :
    System Active Slot     : A
    System Up Time         : 64 days, 18:33:04.70 (hr:min:sec)
    Configuration-mode     : classic
    Configuration-oper-mode: classic
    SNMP Port              : 161
    SNMP Engine ID         : 0000197f0000d814ff000000
    SNMP Engine Boots      : 1
    SNMP Max Message Size  : 1500
    SNMP Admin State       : Enabled
    SNMP Oper State        : Enabled
    SNMP Index Boot Status : Persistent
    SNMP Sync State        : N/A
    ...
    ...
    ...
    =============================================================================
  8. View the SNMP counters used for requests, responses, and traps.
    show snmp counters
    # show snmp counters
    ============================================================================
    SNMP counters:
    ============================================================================
      in packets : 107
    ----------------------------------------------------------------------------
        in gets : 46
        in getnexts : 0
        in getbulks : 0
        in sets : 61
      out packets: 107
    ----------------------------------------------------------------------------
        out get responses : 107
        out traps : 0
      variables requested: 24
      variables set : 84
    ----------------------------------------------------------------------------
      Failed requests due to lock being taken by netconf
        failed sets : 0
    ============================================================================

Configuring an SNMP trap destination

An SNMP trap destination is a log with SNMP set as the destination.

In this example, the SNMP trap is configured as follows:
  • log ID 90
  • target name set to “manager”
  • IP address 192.0.2.2
  • SNMP version SNMPv2
  • community name set to “community”
  1. Create an SNMP trap group.
    configure log snmp-trap-group log-id
    configure log snmp-trap-group 90
  2. Configure the SNMP trap group.
    snmp-trap-group log-id trap-target name address ip-address [snmpv1|snmpv2|snmpv3] notify-community communityName|snmpv3SecurityName
    snmp-trap-group 90 trap-target “manager" address 192.0.2.255 snmpv2c notify-community community
  3. Create a log ID.
    configure log log-id

    Use the log ID configured for the SNMP trap group in step 1.

    configure log 90
  4. Configure the log ID.
    log-id log-id to snmp size

    Specify SNMP as the destination and the number of events.

    log-id 90 to snmp 3000
  5. View the configured SNMP trap destination.
    show log snmp-trap-group log-id
    # show log snmp-trap-group 90
    ==========================================================================
    SNMP Trap Groups
    ==========================================================================
    id        name
      port      address
    --------------------------------------------------------------------------
    90        manager
      162       192.0.2.255
    ==========================================================================
    Note: By default, Nokia NSP NFM-P uses log ID 98.

Configuring a file as the log destination

You can specify a file as the log destination.

The filename follows the format logeeff-timestamp, where:
ee
The log ID (log-id)
ff
The file ID (log-file-id)
In this example, the destination file is configured as follows:
  • file ID 10
  • storage location CF1:
  • rollover of records 1440 minutes and retention 168 hours
  • linked to log ID 20, which receives event logs from the main, security, and changed source streams (see Log event sources)
  • log ID 20 directed to file ID 10
  1. Create a log file.
    configure log file-id log-file-id
    configure log file-id 10
  2. Configure the storage location of the log file.
    configure log file-id log-file-id location
    configure log file-id 10 location cf1:
  3. Configure the rollover and retention duration of the log file.
    configure log file-id log-file-id rollover minutes [retention] hours
    configure log file-id 10 rollover 1440 retention 168
  4. Create a log ID.
    configure log log-id
    configure log 20
  5. Configure the source streams for the log ID.
    configure log log-id from
    configure log 20 from main security change
  6. Configure the destination type of the log.
    configure log log-id to file log-file-id
    configure log 20 to file 10

Configuring a syslog as the log destination

You can specify a syslog as the log destination.

In this example, the syslog is configured as follows:
  • syslog ID 5
  • syslog host address 10.10.1.1
  • linked to log ID 5, which receives event logs from the main, security, and changed source streams (see Log event sources)
  1. Create a syslog.
    configure log syslog syslog-id
    configure log syslog 5
  2. Configure the storage location of the syslog.
    configure log syslog syslog-id address ip-address
    configure log syslog 5 address 10.10.1.1
  3. Create a log ID.
    configure log log-id
    configure log 5
  4. Configure the source streams for the log ID.
    configure log log-id from
    configure log 5 from main security change
  5. Configure the destination type of the log ID.
    configure log log-id to syslog syslog-id
    configure log 5 to syslog 5

Debugging an application

You can debug an application using a log with the debug trace specified as the event source. Although you can debug an application in the current session window, using a log as the destination is more useful for reviewing the log.

Note: The steps in this section only describe the procedure for configuring a log file that stores the output of debug commands. See the MAG-c Control Plane Function Guide for more information about how to enable and use the call-insight and PDN debug commands, .
In this example, application debugging is configured as follows:
  • file ID 10
  • storage location CF2:
  • linked to log ID 30, which receives event logs from the debug trace (see Log event sources)
  • log ID 30 directed to file ID 10
Caution: Debug commands must be used with caution. Nokia recommends disabling debugging after any debug operation has been finished. The no debug command disables all the enabled debug commands.
  1. Create a log file.
    configure log file-id log-file-id
    configure log file-id 10
  2. Configure the storage location of the log file.
    configure log file-id log-file-id location
    configure log file-id 10 location cf2:
  3. Create a log ID.
    configure log log-id
    configure log 30
  4. Configure the source stream for the log ID.
    configure log log-id from
    configure log 30 from debug-trace
  5. Configure the destination type of the log.
    configure log log-id to file log-file-id
    configure log 30 to file 10

Sample log event

In this guide, each log event is described in a separate table.

The following table contains a sample log event entry for the cli_config_io log event.

Table 3. Properties of the cli_config_io log event
Property name Value
Application name USER
Event ID 2011
Event name cli_config_io
SNMP notification prefix and OID N/A
Default severity minor
Message format string User from $srcAddr$: $prompt$ $message$
Cause A CLI command was entered in a configuration node
Effect The configuration was changed by the CLI command
Recovery No recovery is required

The table title for a log event entry is the event name. Each entry contains the information described in the following table.

Table 4. Log entry field descriptions
Label Description
Application name The name of the application generating the log message
Event ID The application event ID number for the event
Event name The name of the event
SNMP notification prefix and OID The prefix and OID of the SNMP notification associated with the log event
Default severity The default severity level of the event
  • CRITICAL
  • MAJOR
  • MINOR
  • WARNING
  • INFO
  • CLEARED
Message format string A text description of the event
Cause The cause of the event
Effect The effect of the event
Recovery How to recover from this event, if necessary