Introduction

This chapter describes system messages, as defined by the syslog protocol (RFC 3164). It describes how to understand the syslog message format and how to capture system messages for review.

This chapter contains the following sections:

System Log Message Format

System log messages begin with a percent sign (%) and are displayed in the following formats:

Syslog Format On a Resident Switch

The format for a resident syslog is:

month dd hh:mm:ss switchname facility-severity-MNEMONIC description
or
month dd hh:mm:ss switchname facility-SLOTnumber-severity-MNEMONIC description
or
month dd hh:mm:ss switchname facility-STANDBY-severity-MNEMONIC description
 

For example:

Nov 1 14:07:58 excal-113 %MODULE-5-MOD_OK: Module 1 is online
Nov 1 14:07:58 excal-113 %PORT-3-IF_UNSUPPORTED_TRANSCEIVER: Transceiver for interface fc1/13 is not supported

 

Table 1-1 System Log Message Format Description

| Element | Description |
| --- | --- |
| month dd | The date and month of the error or event |
| hh:mm:ss | The time of the error or event |
| switchname | The name of the switch |
| facility | The facility of the error or event (daemon, kernel, VSHD, or other facility) |
| severity | Single-digit code from 0 to 7 that indicates the severity of the message |
| MNEMONIC | Text string that uniquely describes the system message |
| %$VDC #%$ | An optional virtual device context (VDC) ID that appears in the description for messages requiring VDC IDs |
| %$VRF #%$ | An optional virtual routing and forwarding (VRF) ID that appears in the description for messages requiring VRF IDs |
| description | Text string containing detailed information about the event being reported |

FACILITY is a code consisting of two or more uppercase letters that indicate the facility to which the system message refers. A facility is a hardware device, a protocol, a feature, or a module of the system software.

System message SEVERITY codes range from 0 to 7 and reflect the severity of the condition. The lower the number, the more serious the situation. Table 1-2 lists the severity levels.

 

Table 1-2 System Message Severity Levels

| Level | Description |
| --- | --- |
| 0 – emergency | System unusable |
| 1 – alert | Immediate action needed |
| 2 – critical | Critical condition |
| 3 – error | Error condition |
| 4 – warning | Warning condition |
| 5 – notification | Normal but significant condition |
| 6 – informational | Informational message only |
| 7 – debugging | Appears during debugging only |

MNEMONIC is a code that uniquely identifies the system message.

Message-text is a text string that describes the condition. This portion of the message might contain detailed information about the event, including terminal port numbers, network addresses, or addresses that correspond to locations in the system memory address space. Because the information in these variable fields changes from message to message, it is represented here by short strings enclosed in square brackets ([ ]). A decimal number, for example, is represented as [dec].

Table 1-3 lists the representations of variable fields and the type of information in the fields.

 

Table 1-3 Representation of Variable Fields in System Messages

| Representation | Type of Information |
| --- | --- |
| [dec] | Decimal number |
| [hex] | Hexadecimal number |
| [char] | Single character |
| [chars] | Character string |

The following example system message shows how the variable field might be used:

%MODULE-5-MOD_MINORSWFAIL: Module [dec] reported a failure in service [chars]

In this example:

Facility code = MODULE (indicating that it is a module-specific error)

Severity = 5 (notification)

Alarm/event code = MOD_MINORSWFAIL

Description of the problem = Module [dec] reported a failure in service [chars]

[dec] is the module slot number associated with this message.

[chars] is the service name that experienced this failure.

System log messages begin with a percent sign (%) and are displayed in the following format (see Table 1-4).

Syslog Format On a Remote-Logging Server

The syslog format on a remote-logging server is:

month dd hh:mm:ss IP-addr-switch : year month day hh:mm:ss Timezone: facility-severity-MNEMONIC description
or
month dd hh:mm:ss IP-addr-switch : year month day hh:mm:ss Timezone: facility-SLOTnumber-severity-MNEMONIC description
or
month dd hh:mm:ss IP-addr-switch : year month day hh:mm:ss Timezone: facility-STANDBY-severity-MNEMONIC description

For example:

sep 21 11:09:50 172.22.22.45 : 2005 Sep 04 18:18:22 UTC: %AUTHPRIV-3-SYSTEM_MSG: ttyS1: togetattr: Input/output error - getty[28224]

Switch resident syslog:

2005 Sep 4 18:18:22 switch %AUTHPRIV-3-SYSTEM_MSG: ttyS1: togetattr: Input/output error - getty[28224]

Time on switch: 2005 Sep 4 18:18:22
Time on logging server: Sep 21 11:09:50

 

Table 1-4 System Log Message Format Description

| Element | Description |
| --- | --- |
| month dd | The date and month of the error or event |
| hh:mm:ss | The time of the error or event |
| IP-addr-switch | The IP address of the switch |
| facility | The facility of the error or event (daemon, kernel, VSHD, or other facility) |
| severity | Single-digit code from 0 to 3 that indicates the severity of the message |
| MNEMONIC | Text string that uniquely describes the system message |
| %$VDC #%$ | An optional virtual device context (VDC) ID that appears in the description for messages requiring VDC IDs |
| %$VRF #%$ | An optional virtual routing and forwarding (VRF) ID that appears in the description for messages requiring VRF IDs |
| description | Text string containing detailed information about the event being reported |

FACILITY is a code consisting of two or more uppercase letters that indicate the facility to which the system message refers. A facility is a hardware device, a protocol, a feature, or a module of the system software.

System message SEVERITY codes range from 0 to 3 and reflect the severity of the condition. The lower the number, the more serious the situation. Table 1-5 lists the severity levels.

Table 1-5 System Log Message Format description

| Level | Description |
| --- | --- |
| 0 – emergency | System unusable |
| 1 – alert | Immediate action needed |
| 2 – critical | Critical condition |
| 3 – notification | Normal but significant condition |

MNEMONIC is a code that uniquely identifies the system message.

Message-text is a text string that describes the condition. This portion of the message might contain detailed information about the event, including terminal port numbers, network addresses, or addresses that correspond to locations in the system memory address space. Because the information in these variable fields changes from message to message, it is represented here by short strings enclosed in square brackets ([ ]). A decimal number, for example, is represented as [dec].

Table 1-6 lists the representations of variable fields and the type of information in the fields.

 

Table 1-6 Representation of Variable Fields in System Messages

| Representation | Type of Information |
| --- | --- |
| [dec] | Decimal number |
| [hex] | Hexadecimal number |
| [char] | Single character |
| [chars] | Character string |

The following example system message shows how the variable field might be used:

%AUTHPRIV-3-SYSTEM_MSG: AUTHPRIV [dec] reported a failure in service [chars]

In this example:

Facility code = AUTHPRIV (indicating that it is an authpriv-specific error)

Severity = 3 (notification)

Alarm/event code = SYSTEM_MSG

Description of the problem = Authpriv [dec] reported a failure in service [chars]

[dec] is the module slot number associated with this message.

[chars] is the service name that experienced this failure.

Capturing System Messages and History

By default, system messages are displayed immediately on the console; they can also be redirected to an internal log file or to a syslog server. System message severity levels correspond to the keywords assigned by the logging global configuration commands. These keywords define where and at what level these messages appear (see the Cisco NX-OS System Management Configuration Guide). Only system messages at the configured logging level or a higher severity are logged. For example, if you set the logging level to 3 (error), you get error, critical, alert, and emergency system messages, but you do not get warning, notification, informational, or debugging system messages.

For complete information about handling system messages, see the Cisco NX-OS System Management Configuration Guide, Release 4.1.
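
The resident and remote-logging formats described earlier in this chapter, together with the logging-level rule above, as an added example (not Cisco code and not part of the original guide). The names parse and would_log, the record keys, and the EXAMPLE_EVENT and FAKE mnemonics in the last two sample lines are assumptions made for illustration; severity names follow Table 1-2.

```python
import re

# Severity names from Table 1-2; the list index is the numeric level.
SEVERITY = ["emergency", "alert", "critical", "error",
            "warning", "notification", "informational", "debugging"]
TS = r"[A-Za-z]{3} +\d{1,2} \d\d:\d\d:\d\d"          # month dd hh:mm:ss
# Resident header: [year] month dd hh:mm:ss switchname
RESIDENT = re.compile(rf"(?P<dev>(?:\d{{4}} )?{TS}) (?P<switch>\S+) ")
# Remote header: month dd hh:mm:ss IP-addr-switch : year month day hh:mm:ss Timezone:
REMOTE = re.compile(rf"(?P<rx>{TS}) (?P<switch>\S+) : "
                    rf"(?P<dev>\d{{4}} {TS}) (?P<tz>\S+): ")
# %facility[-SLOTnumber|-STANDBY]-severity-MNEMONIC: description
TAG = re.compile(r"%(?P<facility>[A-Z][A-Z0-9_]+)(?:-(?P<origin>SLOT\d+|STANDBY))?"
                 r"-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): ?(?P<description>.*)")

def parse(line):
    """Parse one resident or remote-logging line; return a dict, or None."""
    line = line.strip()
    head = REMOTE.match(line) or RESIDENT.match(line)
    # Match the tag only directly after the header, so tag-like text inside
    # the free-form description is never taken as the message tag.
    tag = TAG.match(line, head.end()) if head else None
    if tag is None:
        return None
    rec = {"source": "remote" if "rx" in head.groupdict() else "resident"}
    rec.update(head.groupdict())
    rec.update(tag.groupdict())
    rec["severity"] = int(rec["severity"])
    rec["severity_name"] = SEVERITY[rec["severity"]]
    return rec

def would_log(rec, level):
    """True if severity is at the configured level or more severe (lower)."""
    return rec["severity"] <= level

SAMPLES = [  # first three: examples from this page; last two: constructed
    "Nov 1 14:07:58 excal-113 %MODULE-5-MOD_OK: Module 1 is online",
    "Nov 1 14:07:58 excal-113 %PORT-3-IF_UNSUPPORTED_TRANSCEIVER: "
    "Transceiver for interface fc1/13 is not supported",
    "sep 21 11:09:50 172.22.22.45 : 2005 Sep 04 18:18:22 UTC: "
    "%AUTHPRIV-3-SYSTEM_MSG: ttyS1: togetattr: Input/output error - getty[28224]",
    "Nov 1 14:07:58 excal-113 %MODULE-SLOT2-4-EXAMPLE_EVENT: constructed text",
    "Nov 1 14:07:58 excal-113 %AUTHPRIV-6-SYSTEM_MSG: text %KERN-0-FAKE: x",
]

if __name__ == "__main__":
    for rec in map(parse, SAMPLES):
        print(rec["source"], rec["facility"], rec["origin"], rec["severity_name"],
              rec["mnemonic"], "logged" if would_log(rec, 3) else "dropped")
```

For a remote-logging line the record keeps both the server receive time (rx) and the switch's own timestamp (dev, tz), which differ by more than two weeks in the page's example and matter when correlating events across devices.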

Saving the System Messages Log

The logging logfile global configuration command enables copying of system messages to an internal log file and optionally sets the size of the file. To display the messages that are logged in the file, use the show logging EXEC command. The first message displayed is the oldest message in the buffer. To clear the current contents of the buffer, use the clear debug-logfile command.

Logging System Messages to a Syslog Server

The logging host-name command identifies a syslog server host to receive logging messages. The host-name argument is the name or Internet address of the host. By issuing this command more than once, you build a list of syslog servers that receive logging messages. The no logging host-name command deletes the syslog server with the specified address from the list of syslog servers.