- Performing Basic System Management
- Setting Time and Calendar Services
- Configuring System Logging Counts
- CPU Thresholding Notification
- DSP Operational State Notifications
- Configuring the Event Tracer
- Memory Threshold Notifications
- Troubleshooting and Fault Management
- Configuring the XML Interface to Syslog Messages
Configuring the XML Interface to Syslog Messages
The XML Interface to Syslog Messages features provides command-line interface (CLI) commands for enabling syslog messages to be sent in an Extensible Markup Language (XML) format. Logs in a standardized XML format can be more readily used in external customized monitoring tools.
Finding Feature Information
Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Information About the XML Interface to Syslog Messages Feature
- Cisco IOS System Message Logging
- XML-Formatted System Message Logging
- System Logging Message Formatting
Cisco IOS System Message Logging
The Cisco IOS system message logging (syslog) process allows the system to report and save important error and notifications messages, either locally or to a remote logging server. These syslog messages include messages in a standardized format (often called system error messages) and output from debug commands. These messages are generated during network operation to assist users and Cisco TAC engineers with identifying the type and severity of a problem, or to aid users in monitoring router activity. Syslog messages can be sent to the console, a monitor (TTY and Telnet connections), the system buffer, or to remote hosts.
Note |
The system message logging process in Cisco IOS software is abbreviated as "syslog". The messages generated by this process are called "syslog messages". However, syslog messages are also referred to in Cisco IOS documenation as "system error messages" or "SEMs". Note that syslog messages are not restricted to error conditions, and can reflect purely informational messages. |
XML-Formatted System Message Logging
XML, a derivative of SGML, provides a representation scheme to structuralize consistently formatted data such as that found in syslog messages.
The XML Interface to Syslog Messages features provides CLI commands for enabling syslog messages to be sent in an XML format. Logs in a standardized XML format can be more readily used in external customized monitoring tools. Within the Cisco IOS software, a closed set of meaningful XML tags are defined and, when enabled, applied to the syslog messages sent to the console, monitor, buffer, or to remote hosts.
Two system logging formats exist in Cisco IOS software: the standard logging format and the XML logging format. This means that you can specify that the standard syslog messages be sent to one remote host while the XML-formatted syslog messages are sent to another host. Similarly, if logging messages are sent to the system buffer, the XML logging buffer is separate from the standard logging buffer, and you can have the standard and XML logging buffers running at the same time.
The XML logging process is dependant on the standard logging process. In most cases, settings for the standard logging process carry over to the XML logging process. For example, the severity level for the logging buffered xml command is determined by the level set for the standard logging buffered command (or, if not set, by the default severity level for the standard buffer). Similarly, the default size of the XML logging buffer is the same as the standard logging buffer's default (the default buffer size varies by platform).
System Logging Message Formatting
System logging messages take the following format:
%<facility>-<severity>-<mnemonic>: <message-text>
For example:
%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Usually, these messages are proceeded by additional text, such as the timestamp and message sequence number:
<sequence-number>: <date or system-up-time> <time>:%<facility>-<severity>-<mnemonic>: <message-text>
For example:
000013: Mar 18 14:52:10.039:%LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down
Note |
The timestamp format used in system logging messages is determined by the service timestamps global configuration mode command. The service sequence-numbers global configuration command enables or disables the leading sequence number. An asterix (*) before the time indicates that the time may be incorrect because the system clock has not synchronized to a reliable time source. |
The table below shows the XML tags applied to syslog messages (the XML formatting):
Table 1 | XML Tags used for Syslog Message Fields |
|
Tag Applied |
Delimited Item |
---|---|---|
|
<ios-log-msg></ios-log-message> |
Entire syslog message. |
|
<facility></facility> |
Facility Name. FACILITY is a code consisting of two or more uppercase letters that indicate the facility to which the message refers. A facility can be a hardware device, a protocol, or a module of the system software. |
|
<severity></severity> |
Severity Value. SEVERITY is a single-digit code from 0 to 7 that reflects the severity of the condition. The lower the number, the more serious the situation. |
|
<msg-id></msg-id> |
Mnemonic. The MNEMONIC is a code (usually an abbreviated description) that uniquely identifies the type of error or event. |
|
<seq></seq> |
The error sequence number. |
|
<time></time> |
The timestamp, including date and time, or the system uptime (time since last reboot). |
|
<args></args> |
The variables within the message text. The full "human readable" text of the message is not retained in XML. Only the variables are extracted and formatted. The variables within a system error message are identified with brackets ( [chars] , [hex] , [int] , and so on) in Cisco IOS documentation. For example: %LINK-5-CHANGED: : Interface [chars], changed state to [chars] For the complete text of syslog messages, see the Cisco IOS System Error Messages document, available on Cisco.com. All these XML tags add significant overhead to a message. In case the message length exceeds the limit of IOS message logging, the "<args>...</args>" part will be replaced with "<args-warning>*** LOG OVERRUN ***</args-warning>" |
|
<arg id="x"></arg> |
A specific argument. "x" is a sequential variable I.D. number, starting with zero. |
The following example shows a syslog message in standard format, followed by the same message with XML formatting applied:
Standard Syslog Message Format
000013: *Oct 11 14:52:10.039: %SYS-5-CONFIG_I: Configured from console by vty0 (172.19.208.14)
XML Syslog Message Format
<ios-log-msg><facility>SYS</facility><severity>5</severity><msg-id>CONFIG_I</msg-id><seq>000013</seq><time>*Oct 11 14:52:10.039</time><args><arg id="0">console</arg><arg id="1">vty0 (172.19.208.14)</arg></args></ios-log-msg>
Note |
System logging messages include debugging messages when debugging is enabled on the router and logging is configured to record severity level 7 messages. However, debugging messages do not use the system logging message format. XML formatting will not, therefore, be applied to these messages. |
How to Configure XML Formatting of Syslog Messages
Enabling logging in an XML format consists of simply using the appropriate logging command to indicate where syslog messages should be sent, followed by the xml keyword. Standard system message logging is enabled by default, but XML formatting of these messages is disabled by default.
As mentioned previously, the XML-formatted logging process is separate than (but dependant on) the standard logging process, so you can configure XML-formatted logging in addition to standard logging if the destination is a remote host or the system buffer.
To enable XML formatting for syslog messages, use one of the following commands in global configuration mode:
- logging console xml
- logging monitor xml
- logging buffered xml
- logging host {ip-address | host-name} xml
To view the status of logging and the contents of the XML logging buffer, use the show logging xml command in EXEC mode. To clear the contents of the XML logging buffer, use the clear logging xml command in EXEC mode.
DETAILED STEPS
Configuration Examples for XML Formatting of Syslog Messages
In the following example, logging is enabled and then logging to the standard buffer and to the XML buffer is enabled. The last two show logging commands compare the difference between the standard syslog buffer and the XML syslog buffer.
Router# show logging Syslog logging: disabled (10 messages dropped, 5 messages rate-limited, 6 flush) Console logging: disabled Monitor logging: disabled Buffer logging: disabled, xml disabled Logging Exception size (8192 bytes) Count and timestamp logging messages: disabled Trap logging: level informational, 31 message lines logged Router# config terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# logging on Router(config)# logging buffered Router(config)# end Router# show logging Syslog logging: enabled (10 messages dropped, 5 messages rate-limited, 6 flushed) Console logging: disabled Monitor logging: disabled Buffer logging: level debugging, 1 messages logged, xml disabled Logging Exception size (8192 bytes) Count and timestamp logging messages: disabled Trap logging: level informational, 32 message lines logged Log Buffer (8192 bytes): 1w0d: %SYS-5-CONFIG_I: Configured from console by console Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# logging buffered xml Router(config)# end Router# show logging Syslog logging: enabled (10 messages dropped, 5 messages rate-limited, 6 flushes, 0 overruns, xml enabled) Console logging: disabled Monitor logging: disabled Buffer logging: level debugging, 2 messages logged, xml enabled (1 messages logged) Logging Exception size (8192 bytes) Count and timestamp logging messages: disabled Trap logging: level informational, 33 message lines logged Log Buffer (8192 bytes): 1w0d: %SYS-5-CONFIG_I: Configured from console by console 1w0d: %SYS-5-CONFIG_I: Configured from console by console Router# show logging xml <syslog-logging status="enabled" msg-dropped="10" msg-rate-limited="5" flushes="6" overruns="0"><xml>enabled</xml></syslog-logging> <console-logging>disabled</console-logging> <monitor-logging>disabled</monitor-logging> <buffer-logging level="debugging" messages-logged="2"><xml messages-logged="1">enabled</xml></buffer-logging> <logging-exception size="8192 bytes"></logging-exception> <count-and-timestamp-logging status="disabled"></count-and-timestamp-logging> <trap-logging level="informational" messages-lines-logged="33"></trap-logging> <log-xml-buffer size="8192 bytes"></log-xml-buffer> <ios-log-msg><facility>SYS</facility><severity>5</severity><msg-id>CONFIG_I</msg-id><time>1w0d</time><args><arg id="0">console</arg><arg id="1">console</arg></args></ios-log-msg>
Additional References
Related Documents
Related Topic |
Document Title |
---|---|
System message logging |
Troubleshooting and Fault Management module |
Debug-level system messages |
Cisco IOS Debug Command Reference |
Standards
XML is not currently an Internet Standard. The XML 1.0 Recommendation ("Extensible Markup Language (XML) 1.0 (Second Edition)") is defined at http://www.w3.org/TR/. See also RFC 3076.
MIBs
MIB |
MIBs Link |
---|---|
-- |
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
RFCs
RFCs1 |
Title |
---|---|
RFC 3470 |
"Guidelines for the Use of Extensible Markup Language (XML) within IETF Protocols" (Status: BEST CURRENT PRACTICE) |
Technical Assistance
Description |
Link |
---|---|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
|
System Error Message Decoder tool For help with researching and resolving your Cisco IOS error messages, try the Cisco IOS Error Message Decoder tool. This tool is made available by the Cisco Technical Assistance Center (TAC) for registered Cisco.com users. |
Feature Information for XML Interface to Syslog Messages
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Table 2 | Feature Information for XML Interface to Syslog Messages |
Feature Name |
Releases |
Feature Information |
---|---|---|
XML Interface to Syslog Messages |
12.2(15)T |
The XML Interface to Syslog Messages feature provides command-line interface (CLI) commands for enabling syslog messages to be sent in an Extensible Markup Language (XML) format. The following commands were introduced or modified: |
Glossary
Note |
Refer to the Internetworking Terms and Acronyms for terms not included in this glossary. |
console --In the context of this feature, specifies the connection (CTY or console line) to the console port of the router. Typically, this is a terminal attached directly to the console port, or a PC with a terminal emulation program. Corresponds to the show terminal command.
monitor --In the context of this feature, specifies the TTY (TeleTYpe) line connection at a line port. In other words, the "monitor" keyword corresponds to a TTY line connection or a Telnet (terminal emulation) connection. TTY lines (also called ports) communicate with peripheral devices such as terminals, modems, and serial printers. An example of a TTY connection is a PC with a terminal emulation program connected to the device using a dial-up modem.
SEMs --Abbreviation for system error messages. "System error messages" is a term sometimes used for messages generated by the system logging (syslog) process. Syslog messages use a standardized format, and come in 8 severity levels, from "emergencies" (level 0) to "debugging" (level 7). The term "system error message" is actually misleading, as these messages can include notifications of router activity beyond "errors" (such as informational notices).
syslog --Abbreviation for the system message logging process in Cisco IOS software. Also used to identify the messages generated, as in "syslog messages." Technically, the term "syslog" refers only to the process of logging messages to a remote host or hosts, but is commonly used to refer to all Cisco IOS system logging processes.
trap --A trigger in the system software for sending error messages. In the context of this feature, "trap logging" means logging messages to a remote host. The remote host is actually a syslog host from the perspective of the device sending the trap messages, but because the receiving device typically provides collected syslog data to other devices, the receiving device is also referred to as a "syslog server."
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.