Configuring System Message Logging

This chapter describes how to configure system message logging on Cisco NX-OS devices.

This chapter contains the following sections:

About System Message Logging

You can use system message logging to control the destination and to filter the severity level of messages that system processes generate. You can configure logging to terminal sessions, a log file, and syslog servers on remote systems.

For more information about the system message format and the messages that the device generates, see the Cisco NX-OS System Messages Reference.

By default, the device outputs messages to terminal sessions and logs system messages to a log file.

The following table describes the severity levels used in system messages. When you configure the severity level, the system outputs messages at that level and lower.

Table 1. System Message Severity Levels

Level

Description

0 – emergency

System unusable

1 – alert

Immediate action needed

2 – critical

Critical condition

3 – error

Error condition

4 – warning

Warning condition

5 – notification

Normal but significant condition

6 – informational

Informational message only

7 – debugging

Appears during debugging only

The device logs the most recent 100 messages of severity 0, 1, or 2 to the NVRAM log. You cannot configure logging to the NVRAM.

You can configure which system messages should be logged based on the facility that generated the message and its severity level.

Syslog Servers

The syslog servers run on remote systems that log system messages based on the syslog protocol. You can configure up to eight IPv4 or IPv6 syslog servers.

To support the same configuration of syslog servers on all switches in a fabric, you can use Cisco Fabric Services (CFS) to distribute the syslog server configuration.


Note

When the device first initializes, messages are sent to syslog servers only after the network is initialized.

Secure Syslog Servers

Beginning with Cisco NX-OS Release 9.2(1), you can configure the syslog server with support for a secure TLS transport connectivity to remote logging servers. Additionally, you can enforce the NX-OS switches (client) identity via the mutual authentication configuration. For NX-OS switches, this feature supports TLSv1.1 and TLSv1.2.

The Secure syslog server feature uses the TCP/TLS transport and security protocols to provide device authentication and encryption. This feature enables a Cisco NX-OS device (acting as a client) to make a secure, encrypted outbound connection to remote syslog servers (acting as a server) supporting secure connectivity for logging. With authentication and encryption, this feature allows for a secure communication over an insecure network.

Guidelines and Limitations for System Message Logging

System message logging has the following configuration guidelines and limitations:

  • System messages are logged to the console and the log file by default.

  • Any system messages that are printed before the syslog server is reachable (such as supervisor active or online messages) cannot be sent to the syslog server.

  • Cisco recommends maintaining the logging levels for all processes at default. Increasing the levels to higher values can result in seeing syslog messages that are not intended for customers, can generate false alarms, and are generally supposed to be used for short-term troubleshooting purposes by TAC. Cisco does not provide support for syslog messages at levels above default.

  • Due to limitations in Syslog, securePOAP pem file name characters length is limited to 230 characters, though secure POAP supports 256 characters length for a pem file name.

  • Beginning with Cisco NX-OS Release 9.2(1), you can configure the syslog server with support for a secure TLS transport connectivity to remote logging servers. This feature supports TLS v1.1 and TLS v1.2.

  • Beginning with Cisco NX-OS Release 10.2(4)M, TLS v1.3 is supported for syslog on Cisco Nexus 9000 series platform switches.

  • Beginning with Cisco NX-OS Release 10.4(3)F, only TLS v1.2 and TLS v1.3 is supported for syslog on Cisco Nexus 9000 Series platform switches. TLS v1.1 and TLS v1.0 support for syslog is deprecated.

  • For the secure syslog server(s) to be reachable over an in-band (nonmanagement) interface, the CoPP profile may need tweaks. Especially when multiple logging servers are configured and when many syslogs are generated in a short time (such as, boot up and config application).

  • This guideline applies to the user-defined persistent logging file:

    The syslog command, logging logfile , allows the configuration of the logfile both in persistent (/logflash/log) and non-persistent locations (/log).

    The default logfile is named “messages” and this file, along with backup files (if present) messages.1, messages.2, messages.3, messages.4 cannot be deleted, even by the delete /log/ or delete logflash:/log/ commands.

    There is a provision to configure custom-named logfiles (logging logfile file-name severity ), however this custom-named file can be deleted by the delete operation. If this occurs, syslog logging does not function.

    For example, the custom-named logfile is configured and the same file gets deleted via delete operation. Because this is an intentional delete operation, in order to log the syslog messages on the custom logfiles, you must reconfigure the custom logfile using command logging logfile file-name severity . Until this configuration is performed, the syslog logging cannot occur.

  • Generally, the syslogs display the local time zone. However, few components such as NGINX display the logs in UTC time zone.

Default Settings for System Message Logging

The following table lists the default settings for the system message logging parameters.

Table 2. Default System Message Logging Parameters

Parameters

Default

Console logging

Enabled at severity level 2

Monitor logging

Enabled at severity level 5

Log file logging

Enabled to log messages at severity level 5

Module logging

Enabled at severity level 5

Facility logging

Enabled

Time-stamp units

Seconds

Syslog server logging

Disabled

Syslog server configuration distribution

Disabled

Configuring System Message Logging


Note
Be aware that the Cisco NX-OS commands for this feature might differ from those commands used in Cisco IOS.

Configuring System Message Logging to Terminal Sessions

You can configure the device to log messages by their severity level to console, Telnet, and SSH sessions.

By default, logging is enabled for terminal sessions.


Note
The current critical (default) logging level is maintained if the console baud speed is 9600 baud (default). All attempts to change the console logging level will generate an error message. To increase the logging level (above critical), you must change the console baud speed to 38400 baud.

SUMMARY STEPS

  1. terminal monitor
  2. configure terminal
  3. [no] logging console [severity-level]
  4. (Optional) show logging console
  5. [no] logging monitor [severity-level]
  6. (Optional) show logging monitor
  7. [no] logging message interface type ethernet description
  8. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

terminal monitor

Example:

switch# terminal monitor

Enables the device to log messages to the console.

Step 2

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 3

[no] logging console [severity-level]

Example:

switch(config)# logging console 3

Configures the device to log messages to the console session based on a specified severity level or higher. A lower number indicates a higher severity level. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

If the severity level is not specified, the default of 2 is used. The no option disables the device’s ability to log messages to the console.

Step 4

(Optional) show logging console

Example:

switch(config)# show logging console
 (Optional)

Displays the console logging configuration.

Step 5

[no] logging monitor [severity-level]

Example:

switch(config)# logging monitor 3

Enables the device to log messages to the monitor based on a specified severity level or higher. A lower number indicates a higher severity level. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

The configuration applies to Telnet and SSH sessions.

If the severity level is not specified, the default of 2 is used. The no option disables the device’s ability to log messages to the Telnet and SSH sessions.

Step 6

(Optional) show logging monitor

Example:

switch(config)# show logging monitor
 (Optional)

Displays the monitor logging configuration.

Step 7

[no] logging message interface type ethernet description

Example:

switch(config)# logging message interface type ethernet description

Enables you to add the description for physical Ethernet interfaces and subinterfaces in the system message log. The description is the same description that was configured on the interface.

The no option disables the printing of the interface description in the system message log for physical Ethernet interfaces.

Step 8

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
 (Optional)

Copies the running configuration to the startup configuration.

Configuring the Origin ID for Syslog Messages

You can configure Cisco NX-OS to append the hostname, an IP address, or a text string to syslog messages that are sent to remote syslog servers.

SUMMARY STEPS

  1. configure terminal
  2. logging origin-id {hostname | ip ip-address | string text-string}
  3. (Optional) show logging origin-id
  4. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

logging origin-id {hostname | ip ip-address | string text-string}

Example:

switch(config)# logging origin-id string n9k-switch-abc

Specifies the hostname, IP address, or text string to be appended to syslog messages that are sent to remote syslog servers.

Step 3

(Optional) show logging origin-id

Example:

switch(config)# show logging origin-id
Logging origin_id : enabled (string: n9k-switch-abc)
 (Optional)

Displays the configured hostname, IP address, or text string that is appended to syslog messages that are sent to remote syslog servers.

Step 4

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Logging System Messages to a File

You can configure the device to log system messages to a file. By default, system messages are logged to the file /logflash/log/logfilename .

SUMMARY STEPS

  1. configure terminal
  2. [ no ] logging logfile logfile-name severity-level [ persistent threshold percent | size bytes ]
  3. logging event {link-status | trunk-status} {enable | default}
  4. (Optional) show logging info
  5. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[ no ] logging logfile logfile-name severity-level [ persistent threshold percent | size bytes ]

Example:

switch(config)# logging logfile my_log 6

switch(config)# logging logfile my_log 6 persistent threshold 90

Configures the nonpersistent or persistent log file parameters.

logfile-name : Configures the name of the log file that is used to store system messages. Default filename is "message".

severity-level : Configures the minimum severity level to log. A lower number indicates a higher severity level. Default is 5. Range is from 0 through 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

persistent threshold percent : Optionally configure the threshold percentage for the persistent log file. Range is from 0 through 99.

Note

 

Setting persistent threshold to 0 (zero) disables the persistent threshold feature and generates no threshold syslogs.

percent configures the percent threshold size of the persistent file. Once the threshold size is reached, an alert notification message is logged. On reaching 100% utilization of the persistent log file, the system sends another syslog message notification. The system then creates a backup file of the existing log file and starts writing into a new log file with the configured threshold percentage applied. In total, the last five backup files are present at most. After five files, the system deletes files based on the oldest modified.

Note

 

Persistent logging is a system-enabled feature. Log files are located here: /logflash/log/[filename].

Outputs of the following show commands support the persistent log file feature:

  • show logging info

  • show logging

The outputs include the following persistent logging information:

Logging logflash: enabled (Severity: notifications)(threshold percentage: 99)
Logging logfile: enabled
Name - messages: Severity - notifications Size - 4194304

size bytes : Optionally specify maximum file size. Range is from 4096 through 4194304 bytes.

Step 3

logging event {link-status | trunk-status} {enable | default}

Example:

switch(config)# logging event link-status default

Logs interface events.

  • link-status —Logs all UP/DOWN and CHANGE messages.

  • trunk-status —Logs all TRUNK status messages.

  • enable —Specifies to enable logging to override the port level configuration.

  • default —Specifies that the default logging configuration is used by interfaces that are not explicitly configured.

Step 4

(Optional) show logging info

Example:

switch(config)# show logging info
(Optional)

Displays the logging configuration.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring Module and Facility Messages Logging

You can configure the severity level and time-stamp units of messages logged by modules and facilities.

SUMMARY STEPS

  1. configure terminal
  2. [no] logging module [severity-level]
  3. (Optional) show logging module
  4. [no] logging level facility severity-level
  5. (Optional) show logging level [facility]
  6. (Optional) [no] logging level ethpm
  7. [no] logging timestamp {microseconds | milliseconds | seconds}
  8. (Optional) show logging timestamp
  9. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] logging module [severity-level]

Example:

switch(config)# logging module 3

Enables module log messages that have the specified severity level or higher. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

If the severity level is not specified, the default of 5 is used. The no option disables module log messages.

Step 3

(Optional) show logging module

Example:

switch(config)# show logging module
 (Optional)

Displays the module logging configuration.

Step 4

[no] logging level facility severity-level

Example:

switch(config)# logging level aaa 2

Enables logging messages from the specified facility that have the specified severity level or higher. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

To apply the same severity level to all facilities, use the all facility. For defaults, see the show logging level command.

The no option resets the logging severity level for the specified facility to its default level. If you do not specify a facility and severity level, the device resets all facilities to their default levels.

Step 5

(Optional) show logging level [facility]

Example:

switch(config)# show logging level aaa
(Optional)

Displays the logging level configuration and the system default level by facility. If you do not specify a facility, the device displays levels for all facilities.

Note

 

In running configurations, the logging level for authpriv is displayed as authpri in releases earlier than 10.4(3)F and as authpriv from release 10.4(3)F.

Step 6

(Optional) [no] logging level ethpm

Example:


switch(config)# logging level ethpm ?
<0-7>      0-emerg;1-alert;2-crit;3-err;4-warn;5-notif;6-inform;7-debug
  link-down  Configure logging level for link down syslog messages
  link-up    Configure logging level for link up syslog messages

switch(config)#logging level ethpm link-down ?
error  ERRORS
  notif  NOTICE
(config)# logging level ethpm link-down error ?
  
<CR>
(config)# logging level ethpm link-down notif ?
<CR>
switch(config)#logging level ethpm link-up ?
error  ERRORS
  notif  NOTICE
(config)# logging level ethpm link-up error ?
  
<CR>
(config)# logging level ethpm link-up notif ?
<CR>
 (Optional)

Enables logging of the Ethernet Port Manager link-up/link-down syslog messages at level 3.

Use the no option to use the default logging level for Ethernet Port Manager syslog messages.

Step 7

[no] logging timestamp {microseconds | milliseconds | seconds}

Example:

switch(config)# logging timestamp milliseconds

Sets the logging time-stamp units. By default, the units are seconds.

Note

 
This command applies to logs that are kept in the switch. It does not apply to the external logging server.

Step 8

(Optional) show logging timestamp

Example:

switch(config)# show logging timestamp
(Optional)

Displays the logging time-stamp units configured.

Step 9

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring Syslog Servers


Note
Cisco recommends that you configure the syslog server to use the management virtual routing and forwarding (VRF) instance. For more information on VRFs, see Cisco Nexus 9000 Series NX-OS Unicast Routing Configuration Guide.

You can configure up to eight syslog servers that reference remote systems where you want to log system messages.


Note

Until Cisco NX-OS Release 10.3(2)F, when the user input certain default values, the running-config of logging server commands showed those default values randomly or inconsistently. However, beginning with Cisco NX-OS Release 10.3(2)F, the running config consistently shows only the non-default values.

For example, in earlier releases, for a certain user input, if the running-config showed logging server 1.1.1.1 port 514 facility local7 use-vrf default values, from Cisco NX-OS Release 10.3(2)F onwards, for the same input, the running-config shows only logging server 1.1.1.1 value. Notice that the default value such as the default port, default facility (local7), and the default VRF are not shown in the running-config.

SUMMARY STEPS

  1. configure terminal
  2. [no] logging server host [severity-level [use-vrf vrf-name]]
  3. logging source-interface loopback virtual-interface
  4. (Optional) show logging server
  5. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] logging server host [severity-level [use-vrf vrf-name]]

Example:

switch(config)# logging server 192.0.2.253

Example:

switch(config)# logging server 2001::3 5 use-vrf red

Configures a syslog server at the specified hostname, IPv4, or IPv6 address. You can specify logging of messages to a particular syslog server in a VRF by using the use-vrf keyword. The use-vrf vrf-name keyword identifies the default or management values for the VRF name. The default VRF is the management VRF, by default. However, the show-running command will not list the default VRF. Severity levels range from 0 to 7:

  • 0 – emergency

  • 1 – alert

  • 2 – critical

  • 3 – error

  • 4 – warning

  • 5 – notification

  • 6 – informational

  • 7 – debugging

The default outgoing facility is local7.

The no option removes the logging server for the specified host.

The first example forwards all messages on facility local 7. The second example forwards messages with severity level 5 or lower to the specified IPv6 address in VRF red.

Note

 

After configuring this command, any one of the following server status is displayed:

  • Configured – Configuration is successful.

  • No errors found - If the syslog is transmitted to the remote syslog server successfully, this status is displayed.

  • Temporarily unreachable - If there is a problem with transmission, this status is displayed. However, internally, the system probes the problem with transmission. After a while, when the issue is resolved, the status changes to No errors found.

Step 3

logging source-interface loopback virtual-interface

Example:

switch(config)# logging source-interface loopback 5

Enables a source interface for the remote syslog server. The range for the virtual-interface argument is from 0 to 1023.

Step 4

(Optional) show logging server

Example:

switch(config)# show logging server
 (Optional)

Displays the syslog server configuration.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring Secure Syslog Servers

SUMMARY STEPS

  1. configure terminal
  2. [no] logging server host [severity-level [port port-number][secure[trustpoint client-identity trustpoint-name]][use-vrf vrf-name]]
  3. (Optional) logging source-interface interface name
  4. (Optional) show logging server
  5. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] logging server host [severity-level [port port-number][secure[trustpoint client-identity trustpoint-name]][use-vrf vrf-name]]

Example:

switch(config)# logging server 192.0.2.253 secure

Example:

switch(config)# logging server 2001::3 5 secure trustpoint client-identity myCA use-vrf red

Configures a syslog server at the specified hostname or IPv4 or IPv6 address. Optionally, you can enforce a mutual authentication by installing the client identity certificate that is signed by any CA and using the trustpoint client-identity option.

The default destination port for a secure TLS connection is 6514.

Step 3

(Optional) logging source-interface interface name

Example:

switch(config)# logging source-interface lo0
 (Optional)

Enables a source interface for the remote syslog server.

Step 4

(Optional) show logging server

Example:

switch(config)# show logging server
 (Optional)

Displays the syslog server configuration. If the secure option is configured, the output will have an entry with the transport information. By default, the transport is UDP if the secure option is not configured.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration.

Configuring Secure Syslog Servers - Non-strict Mode for OCSP

In Cisco NX-OS Release 9.3(8), when the OCSP responder is down, or if there are OCSP signing issues, SSL connection fails as OCSP works in a strict mode. Hence, beginning with Cisco NX-OS Release 9.3(9), the following new command is introduced to allow you to enable or disable strict-mode.

[no] logging secure ocsp strict


Note

By default, the strict-mode is enabled. Use the no form of the command to enable the non-strict-mode.

Configuring the CA Certificate

For the secure syslog feature support, the remote servers must be authenticated via a trustpoint configuration.

SUMMARY STEPS

  1. configure terminal
  2. [no] crypto ca trustpoint trustpoint-name
  3. crypto ca authenticate trustpoint-name
  4. (Optional) show crypto ca certificate
  5. (Optional) copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

[no] crypto ca trustpoint trustpoint-name

Example:

switch(config)# crypto ca trustpoint winca
switch(config-trustpoint)#

Configures a trustpoint.

Note

 
You must configure the ip domain-name before the trustpoint configuration.

Step 3

crypto ca authenticate trustpoint-name

Example:

switch(config-trustpoint)# crypto ca authenticate winca

Configures a CA certificate for the trustpoint.

Step 4

(Optional) show crypto ca certificate

Example:

switch(config)# show crypto ca certificates
 (Optional)

Displays the configured certificate/chain and the associated trustpoint.

Step 5

(Optional) copy running-config startup-config

Example:

switch(config)# copy running-config startup-config
(Optional)

Copies the running configuration to the startup configuration so that the trustpoint is persistent across the reload of the device.

Enrolling the CA Certificate

For mutual authentication, where the remote server wants the NX-OS switch (the client) to identify, that the peer authentication is mandatory, this is an additional configuration to enroll the certificate on the switch.

SUMMARY STEPS

  1. configure terminal
  2. crypto key generate rsa label key name exportable modules 2048
  3. [no] crypto ca trustpoint trustpoint-name
  4. rsakeypair key-name
  5. crypto ca trustpoint trustpoint-name
  6. [no] crypto ca enroll trustpoint-name
  7. crypto ca import trustpoint-name certificate
  8. (Optional) show crypto ca certificates
  9. copy running-config startup-config

DETAILED STEPS

  Command or Action Purpose

Step 1

configure terminal

Example:

switch# configure terminal
switch(config)#

Enters global configuration mode.

Step 2

crypto key generate rsa label key name exportable modules 2048

Example:

switch(config-trustpoint)# crypto key generate rsa label myKey exportable modulus 2048

Configure an RSA key pair. By default, the Cisco NX-OS software generates an RSA key using 1024 bits.

Step 3

[no] crypto ca trustpoint trustpoint-name

Example:

switch(config)# crypto ca trustpoint myCA
switch(config-trustpoint)#

Configures a trustpoint.

Note

 
You must configure the ip domain-name before the trustpoint configuration.

Step 4

rsakeypair key-name

Example:

switch(config-trustpoint)# rsakeypair myKey

Associates the keypair generated to the trustpoint CA.

Step 5

crypto ca trustpoint trustpoint-name

Example:

switch(config)# crypto ca authenticate myCA

Configures a CA certificate for the trustpoint.

Step 6

[no] crypto ca enroll trustpoint-name

Example:

switch(config)# crypto ca enroll myCA

Generate an identity certificate of the switch to enroll it to a CA.

Step 7

crypto ca import trustpoint-name certificate

Example:

switch(config-trustpoint)# crypto ca import myCA certificate

Imports the identity certificate signed by the CA to the switch.

Step 8

(Optional) show crypto ca certificates

Example:

switch# show crypto ca certificates
 (Optional)

Displays the configured certificate or chain and the associated trustpoint.

Step 9

copy running-config startup-config

Example:

switch# copy running-config startup-config

Copies the running configuration to the startup configuration.

Configuring Syslog Servers on a UNIX or Linux System

You can configure a syslog server on a UNIX or Linux system by adding the following line to the /etc/syslog.conf file: 

facility.level  <five tab characters> action

The following table describes the syslog fields that you can configure.

Table 3. Syslog fields in syslog.conf
Field Description

Facility

Creator of the message, which can be auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, syslog, user, local0 through local7, or an asterisk (*) for all. These facility designators allow you to control the destination of messages based on their origin.

Note

 

Check your configuration before using a local facility.

Level

Minimum severity level at which messages are logged, which can be debug, info, notice, warning, err, crit, alert, emerg, or an asterisk (*) for all. You can use none to disable a facility.

Action

Destination for messages, which can be a filename, a hostname preceded by the at sign (@), a comma-separated list of users, or an asterisk (*) for all logged-in users.

SUMMARY STEPS

  1. Log debug messages with the local7 facility in the file /var/log/myfile.log by adding the following line to the /etc/syslog.conf file:
  2. Create the log file by entering these commands at the shell prompt:
  3. Make sure the system message logging daemon reads the new changes by checking myfile.log after entering this command:

DETAILED STEPS

Step 1

Log debug messages with the local7 facility in the file /var/log/myfile.log by adding the following line to the /etc/syslog.conf file:

Example:

debug.local7 var/log/myfile.log

Step 2

Create the log file by entering these commands at the shell prompt:

Example:

$ touch /var/log/myfile.log
$ chmod 666 /var/log/myfile.log

Step 3

Make sure the system message logging daemon reads the new changes by checking myfile.log after entering this command:

Example:

$ kill -HUP ~cat /etc/syslog.pid~

Displaying and Clearing Log Files

You can display or clear messages in the log file and the NVRAM.

SUMMARY STEPS

  1. show logging last number-lines
  2. show logging logfile duration hh:mm:ss
  3. show logging logfile last-index
  4. show logging logfile [start-time yyyy mmm dd hh:mm:ss] [end-time yyyy mmm dd hh:mm:ss]
  5. show logging logfile [start-seqn number ] [end-seqn number]
  6. show logging nvram [last number-lines]
  7. clear logging logfile [ persistent ]
  8. clear logging nvram

DETAILED STEPS

  Command or Action Purpose

Step 1

show logging last number-lines

Example:

switch# show logging last 40

Displays the last number of lines in the logging file. You can specify from 1 to 9999 for the last number of lines.

Step 2

show logging logfile duration hh:mm:ss

Example:

switch# show logging logfile duration 15:10:0

Displays the messages in the log file that have occurred within the duration entered.

Step 3

show logging logfile last-index

Example:

switch# show logging logfile last-index

Displays the sequence number of the last message in the log file.

Step 4

show logging logfile [start-time yyyy mmm dd hh:mm:ss] [end-time yyyy mmm dd hh:mm:ss]

Example:

switch# show logging logfile start-time 2013 oct 1 15:10:0

Displays the messages in the log file that have a timestamp within the span entered. If you do not enter an end time, the current time is used. You enter three characters for the month time field and digits for the year and day time fields.

Step 5

show logging logfile [start-seqn number ] [end-seqn number]

Example:

switch# show logging logfile start-seqn 100 end-seqn 400

Displays messages occurring within a range of sequence numbers. If you do not include an end sequence number, the system displays messages from the start number to the last message in the log file.

Step 6

show logging nvram [last number-lines]

Example:

switch# show logging nvram last 10

Displays the messages in the NVRAM. To limit the number of lines displayed, you can enter the last number of lines to display. You can specify from 1 to 100 for the last number of lines.

Step 7

clear logging logfile [ persistent ]

Example:

switch# clear logging logfile

Clears the contents of the log file.

persistent : Clears the contents of the log file from the persistent location.

Step 8

clear logging nvram

Example:

switch# clear logging nvram

Clears the logged messages in NVRAM.

Verifying the System Message Logging Configuration

To display system message logging configuration information, perform one of the following tasks:

Command

Purpose

show logging console

Displays the console logging configuration.

show logging info

Displays the logging configuration.

show logging last number-lines

Displays the last number of lines of the log file.

show logging level [facility]

Displays the facility logging severity level configuration.

show logging logfile duration hh:mm:ss

Displays the messages in the log file that have occurred within the duration entered.
show logging logfile last-index

Displays the sequence number of the last message in the log file.
show logging logfile [start-time yyyy mmm dd hh:mm:ss] [end-time yyyy mmm dd hh:mm:ss]

Displays the messages in the log file based on a start and end date/time.

show logging logfile [start-seqn number ] [end-seqn number]

Displays messages occurring within a range of sequence numbers. If you do not include an end sequence number, the system displays messages from the start number to the last message in the log file.

show logging module

Displays the module logging configuration.

show logging monitor

Displays the monitor logging configuration.

show logging nvram [last number-lines]

Displays the messages in the NVRAM log.

show logging server

Displays the syslog server configuration.

show logging timestamp

Displays the logging time-stamp units configuration.

Repeated System Logging Messages

System processes generate logging messages. Depending on the filters used to control which severity levels are generated, a large number of messages can be produced with many of them being repeated.

To make it easier to develop scripts to manage the volume of logging messages, and to eliminate repeated messages from “flooding” the output of the show logging log command, the following method of logging repeated messages is used.

In the old method, when the same message was repeated, the default was to state the number of times it reoccurred in the message:

2019 Mar 11 13:42:44 Cisco-customer %PTP-2-PTP_INCORRECT_PACKET_ON_SLAVE: 
Incorrect delay response packet received on slave interface Eth1/48 by 
2c:5a:0f:ff:fe:51:e9:9f. Source Port Identity is 08:00:11:ff:fe:22:3e:4e. Requesting Port 
Identity is 00:1c:73:ff:ff:ee:f6:e5
2019 Mar 11 13:43:15 Cisco-customer last message repeated 242 times

The new method simply appends the repeat count to the end of the repeated message:

2019 Mar 11 13:42:44 Cisco-customer %PTP-2-PTP_INCORRECT_PACKET_ON_SLAVE: 
Incorrect delay response packet received on slave interface Eth1/48 by 
2c:5a:0f:ff:fe:51:e9:9f. Source Port Identity is 08:00:11:ff:fe:22:3e:4e. Requesting Port 
Identity is 00:1c:73:ff:ff:ee:f6:e5

2019 Mar 11 13:43:15 Cisco-customer %PTP-2-PTP_INCORRECT_PACKET_ON_SLAVE: 
Incorrect delay response packet received on slave interface Eth1/48 by 
2c:5a:0f:ff:fe:51:e9:9f. Source Port Identity is 08:00:11:ff:fe:22:3e:4e. Requesting Port 
Identity is 00:1c:73:ff:ff:ee:f6:e5 (message repeated 242 times)

Configuration Example for System Message Logging

This example shows how to configure system message logging: 

configure terminal
 logging console 3
 logging monitor 3
 logging logfile my_log 6
 logging module 3
 logging level aaa 2
 logging timestamp milliseconds
 logging server 172.28.254.253
 logging server 172.28.254.254 5 facility local3
 copy running-config startup-config

Additional References

Related Documents

Related Topic Document Title
System messages Cisco NX-OS System Messages Reference