Summary Data

Revision History

Note	Revision history details are not provided for features introduced before releases 21.2 and N5.5.

There are five types of logs that can be configured and viewed on the system:

The system can be configured to generate logs based on user-defined filters. The filters specify the facilities (system tasks or protocols) that the system is to monitor and severity levels at which to trigger the generation of the event entries.

Event logs are stored in system memory and can be viewed via the CLI. There are two memory buffers that store event logging information. The first buffer stores the active log information. The second buffer stores inactive logging information. The inactive buffer is used as a temporary repository to allow you to view logs without having data be overwritten. Logs are copied to the inactive buffer only through manual intervention.

Each buffer can store up to 50,000 events. Once these buffers reach their capacity, the oldest information is removed to make room for the newest.

To prevent the loss of log data, the system can be configured to transmit logs to a syslog server over a network interface.

Active logs are event logs that are operator configurable on a CLI instance-by-CLI instance basis. Active logs configured by an administrative user in one CLI instance are not displayed to an administrative user in a different CLI instance. Each active log can be configured with filter and display properties that are independent of those configured globally for the system. Active logs are displayed in real time as they are generated.

Active logs are not written to the active memory buffer by default. To write active logs to the active memory buffer execute the following command in the Global Configuration mode:

[local]host_name(config)# logging runtime buffer store all-events

When active logs are written to the active memory buffer, they are available to all users in all CLI instances.

Use the following example to configure active logging in Global Configuration mode:

[local]host_name(config)# logging filter runtime facility facility level report_level

Once all of the necessary information has been gathered, the Active log display can be stopped by entering the following command in the Exec mode:

no logging active

The following facilities can be configured for logging event data:

• a10: A10 interface facility

• a11: A11 interface facility

• a11mgr: A11 Manager facility

• aaa-client: Authentication, Authorization and Accounting (AAA) client facility

• aaamgr: AAA manager logging facility

• aaaproxy: AAA Proxy facility

• aal2: ATM Adaptation Layer 2 (AAL2) protocol logging facility

• acl-log: Access Control List (ACL) logging facility

• acsctrl: Active Charging Service (ACS) Controller facility

• acsmgr: ACS Manager facility

• afctrl: Fabric Controller facility [ASR 5500 only]

• afmgr: Fabric Manager logging facility [ASR 5500 only]

• alarmctrl: Alarm Controller facility

• alcap: Access Link Control Application Part (ALCAP) protocol logging facility

• alcapmgr: ALCAP manager logging facility

• all: All facilities

• bfd: Bidirectional Forwarding Detection (BFD) protocol logging facility

• bgp: Border Gateway Protocol (BGP) facility

• bindmux: IPCF BindMux-Demux Manager logging facility

• bngmgr: Broadband Network Gateway (BNG) Demux Manager logging facility

• bssap+: Base Station Sub-system Application Part+ protocol facility for the login interface between the SGSN and the MSC/VLR (2.5G and 3G)

• bssgp: Base Station Sub-system GPRS Protocol logging facility handles exchange information between the SGSN and the BSS (2.5G only)

• callhome: Call Home application logging facility

• cap: CAMEL Application Part (CAP) logging facility for protocol used in prepaid applications (2.5G and 3G)

• cbsmgr: Cell Broadcasting Service (CBS) logging facility [HNBGW]

• cdf: Charging Data Function (CDF) logging facility

• cgw: Converged Access Gateway (CGW) logging facility

• cli: Command Line Interface (CLI) logging facility

• cmp: Certificate Management Protocol (IPSec) logging facility

• confdmgr: ConfD Manager proclet (NETCONF) logging facility

• connectedapps: SecGW ASR 9000 oneP communication procotol

• connproxy: Controller Proxy logging facility

• credit-control: Credit Control (CC) facility

• csp: Card/Slot/Port controller facility

• css: Content Service Selection (CSS) facility

• css-sig: CSS RADIUS Signaling facility

• data-mgr: Data Manager Framework logging facility

• dcardctrl: IPSec Daughter Card Controller logging facility

• dcardmgr: IPSec Daughter Card Manager logging facility

• demuxmgr: Demux Manager API facility

• dgmbmgr: Diameter Gmb Application Manager logging facility

• dhcp: Dynamic Host Configuration Protocol (DHCP) logging facility

• dhcpv6: DHCPv6

• dhost: Distributed Host logging facility

• diabase: Diabase messages facility

• diactrl: Diameter Controller proclet logging facility

• diameter: Diameter endpoint logging facility

• diameter-acct: Diameter Accounting

• diameter-auth: Diameter Authentication

• diameter-dns: Diameter DNS subsystem

• diameter-ecs: ACS Diameter signaling facility

• diameter-engine: Diameter version2 engine logging facility

• diameter-hdd: Diameter Horizontal Directional Drilling (HDD) Interface facility

• diameter-svc: Diameter Service

• diamproxy: DiamProxy logging facility

• dpath: IPSec Data Path logging facility

• drvctrl: Driver Controller logging facility

• eap-diameter: Extensible Authentication Protocol (EAP) IP Sec urity facility

• eap-ipsec: Extensible Authentication Protocol (EAP) IPSec facility

• eap-sta-s6a-s13-s6b-diameter: EAP/STA/S6A/S13/S6B Diameter messages facility

• ecs-css: ACSMGR <-> Session Manager Signalling Interface facility

• egtpc: eGTP-C logging facility

• egtpmgr: enhanced GPRS Tunneling Protocol (eGTP) manager logging facility

• egtpu: eGTP-U logging facility

• embms: evolved Multimedia Broadcast Multicast Services Gateway facility

• embms: eMBMS Gateway Demux facility

• epdg: evolved Packet Data (ePDG) gateway logging facility

• event-notif: Event Notification Interface logging facility

• evlog: Event log facility

• famgr: Foreign Agent manager logging facility

• firewall: Firewall logging facility

• fng: Femto Network Gateway (FNG) logging facility

• gbmgr: SGSN Gb Interface Manager facility

• gmm:

  • For 2.5G: Logs the GPRS Mobility Management (GMM) layer (above LLC layer)

  • For 3G: Logs the access application layer (above the RANAP layer)

• gprs-app: GPRS Application logging facility

• gprs-ns: GPRS Network Service Protocol (layer between SGSN and the BSS) logging facility

• gq-rx-tx-diameter: Gq/Rx/Tx Diameter messages facility

• gss-gcdr: GTPP Storage Server GCDR facility

• gtpc: GTP-C protocol logging facility

• gtpcmgr: GTP-C protocol manager logging facility

• gtpp: GTP-prime protocol logging facility

• gtpu: GTP-U protocol logging facility

• gtpumgr: GTP-U Demux manager

• gx-ty-diameter: Gx/Ty Diameter messages facility

• gy-diameter: Gy Diameter messages facility

• h248prt: H.248 port manager facility

• hamgr: Home Agent manager logging facility

• hat: High Availability Task (HAT) process facility

• hdctrl: HD Controller logging facility

• henbapp: Home Evolved NodeB (HENB) App facility (Do not use this keyword for HENB-GW in Release 20)

• henbgw: HENB-GW facility (Do not use this keyword for HENB-GW in Release 20)

• henbgw-pws: HENB-GW Public Warning System logging facility (Do not use this keyword for HENB-GW in Release 20)

• henbgw-sctp-acs: HENB-GW access Stream Control Transmission Protocol (SCTP) facility (Do not use this keyword for HENB-GW in Release 20)

• henbgw-sctp-nw: HENBGW network SCTP facility (Do not use this keyword for HNB-GW in Release 20)

• henbgwdemux: HENB-GW Demux facility (Do not use this keyword for HNB-GW in Release 20)

• henbgwmgr: HENB-GW Manager facility (Do not use this keyword for HNB-GW in Release 20)

• hnb-gw: HNB-GW (3G Femto GW) logging facility (Do not use this keyword for HNB-GW in Release 20)

• hnbmgr: HNB-GW Demux Manager logging facility (Do not use this keyword for HNB-GW in Release 20)

• hss-peer-service: Home Subscriber Server (HSS) Peer Service facility

• igmp: Internet Group Management Protocol (IGMP)

• ikev2: Internet Key Exchange version 2 (IKEv2)

• ims-authorizatn: IP Multimedia Subsystem (IMS) Authorization Service facility

• ims-sh: HSS Diameter Sh Interface Service facility

• imsimgr: SGSN IMSI Manager facility

• imsue: IMS User Equipment (IMSUE) facility

• ip-arp: IP Address Resolution Protocol facility

• ip-interface: IP interface facility

• ip-route: IP route facility

• ipms: Intelligent Packet Monitoring System (IPMS) logging facility

• ipne: IP Network Enabler (IPNE) facility

• ipsec: IP Security logging facility

• ipsecdemux: IPSec demux logging facility

• ipsg: IP Service Gateway interface logging facility

• ipsgmgr: IP Services Gateway facility

• ipsp: IP Pool Sharing Protocol logging facility

• kvstore: Key/Value Store (KVSTORE) Store facility

• l2tp-control: Layer 2 Tunneling Protocol (L2TP) control logging facility

• l2tp-data: L2TP data logging facility

• l2tpdemux: L2TP Demux Manager logging facility

• l2tpmgr: L2TP Manager logging facility

• lagmgr: Link Aggregation Group (LAG) manager logging facility

• lcs: Location Services (LCS) logging facility

• ldap: Lightweight Directory Access Protocol (LDAP) messages logging facility

• li: Refer to the Lawful Intercept Configuration Guide for a description of this command.

• linkmgr: SGSN/BSS SS7 Link Manager logging facility (2.5G only)

• llc: Logical Link Control (LLC) Protocol logging facility; for SGSN: logs the LLC layer between the GMM and the BSSGP layers for logical links between the MS and the SGSN

• local-policy: Local Policy Service facility

• location-service: Location Services facility

• m3ap: M3 Application Protocol facility

• m3ua: M3UA Protocol logging facility

• magmgr: Mobile Access Gateway manager logging facility

• map: Mobile Application Part (MAP) protocol logging facility

• megadiammgr: MegaDiameter Manager (SLF Service) logging facility

• mme-app: Mobility Management Entity (MME) Application logging facility

• mme-embms: MME evolved Multimedia Broadcast Multicast Service facility

• mme-misc: MME miscellaneous logging facility

• mmedemux: MME Demux Manager logging facility

• mmemgr: MME Manager facility

• mmgr: Master Manager logging facility

• mobile-ip: Mobile IP processes

• mobile-ip-data: Mobile IP data facility

• mobile-ipv6: Mobile IPv6 logging facility

• mpls: Multiprotocol Label Switching (MPLS) protocol logging facility

• mrme: Multi Radio Mobility Entity (MRME) logging facility

• mseg-app: Mobile Services Edge Gateway (MSEG) application logging facility (This option is not supported in this release.)

• mseg-gtpc: MSEG GTP-C application logging facility (This option is not supported in this release.)

• mseg-gtpu: MSEG GTP-U application logging facility (This option is not supported in this release.)

• msegmgr: MSEG Demux Manager logging facility (This option is not supported in this release.)

• mtp2: Message Transfer Part 2 (MTP2) Service logging facility

• mtp3: Message Transfer Part 3 (MTP3) Protocol logging facility

• multicast-proxy: Multicast Proxy logging facility

• nas: Non-Access Stratum (NAS) protocol logging facility [MME 4G]

• netwstrg: Network Storage facility

• npuctrl: Network Processor Unit Control facility

• npumgr: Network Processor Unit Manager facility

• npumgr-acl: NPUMGR ACL logging facility

• npumgr-drv: NPUMGR DRV logging facility

• npumgr-flow: NPUMGR FLOW logging facility

• npumgr-fwd: NPUMGR FWD logging facility

• npumgr-init: NPUMGR INIT logging facility

• npumgr-lc: NPUMGR LC logging facility

• npumgr-port: NPUMGR PORT logging facility

• npumgr-recovery: NPUMGR RECOVERY logging facility

• npumgr-rri: NPUMGR RRI (Reverse Route Injection) logging facility

• npumgr-vpn: NPUMGR VPN logging facility

• ntfy-intf: Notification Interface logging facility [Release 12.0 and earlier versions only]

• ocsp: Online Certificate Status Protocol logging facility.

• orbs: Object Request Broker System logging facility

• ospf: OSPF protocol logging facility

• ospfv3: OSPFv3 protocol logging facility

• p2p: Peer-to-Peer Detection logging facility

• pagingmgr: PAGINGMGR logging facility

• pccmgr: Intelligent Policy Control Function (IPCF) Policy Charging and Control (PCC) Manager library

• pdg: Packet Data Gateway (PDG) logging facility

• pdgdmgr: PDG Demux Manager logging facility

• pdif: Packet Data Interworking Function (PDIF) logging facility

• pgw: Packet Data Network Gateway (PGW) logging facility

• pmm-app: Packet Mobility Management (PMM) application logging facility

• ppp: Point-To-Point Protocol (PPP) link and packet facilities

• pppoe: PPP over Ethernet logging facility

• proclet-map-frwk: Proclet mapping framework logging facility

• push: VPNMGR CDR push logging facility

• radius-acct: RADIUS accounting logging facility

• radius-auth: RADIUS authentication logging facility

• radius-coa: RADIUS change of authorization and radius disconnect

• ranap: Radio Access Network Application Part (RANAP) Protocol facility logging info flow between SGSN and RNS (3G)

• rct: Recovery Control Task logging facility

• rdt: Redirect Task logging facility

• resmgr: Resource Manager logging facility

• rf-diameter: Diameter Rf interface messages facility

• rip: Routing Information Protocol (RIP) logging facility [RIP is not supported at this time.]

• rlf: Rate Limiting Function (RLF) logging facility

• rohc: Robust Header Compression (RoHC) facility

• rsvp: Reservation Protocol logging facility

• rua: RANAP User Adaptation (RUA) [3G Femto GW - RUA messages] logging facility

• s102: S102 protocol logging facility

• s102mgr: S102Mgr logging facility

• s1ap: S1 Application Protocol (S1AP) Protocol logging facility

• sabp: Service Area Broadcast Protocol (SABP) logging facility

• saegw: System Architecture Evolution (SAE) Gateway facility

• sbc: SBc protocol logging facility

• sccp: Signalling Connection Control Part (SCCP) Protocol logging (connection-oriented messages between RANAP and TCAP layers).

• sct: Shared Configuration Task logging facility

• sctp: Stream Control Transmission Protocol (SCTP) Protocol logging facility

• sef_ecs: Severely Errored Frames (SEF) APIs printing facility

• sess-gr: SM GR facility

• sessctrl: Session Controller logging facility

• sessmgr: Session Manager logging facility

• sesstrc: session trace logging facility

• sft: Switch Fabric Task logging facility

• sgs: SGs interface protocol logging facility

• sgsn-app: SGSN-APP logging various SGSN "glue" interfaces (for example, between PMM, MAP, GPRS-FSM, SMS).

• sgsn-failures: SGSN call failures (attach/activate rejects) logging facility (2.5G)

• sgsn-gtpc: SGSN GTP-C Protocol logging control messages between the SGSN and the GGSN

• sgsn-gtpu: SGSN GTP-U Protocol logging user data messages between the SGSN and GGSN

• sgsn-mbms-bearer: SGSN Multimedia Broadcast/Multicast Service (MBMS) Bearer app (SMGR) logging facility

• sgsn-misc: Used by stack manager to log binding and removing between layers

• sgsn-system: SGSN System Components logging facility (used infrequently)

• sgsn-test: SGSN Tests logging facility; used infrequently

• sgtpcmgr: SGSN GTP-C Manager logging information exchange through SGTPC and the GGSN

• sgw: Serving Gateway facility

• sh-diameter: Sh Diameter messages facility

• sitmain: System Initialization Task main logging facility

• sls: Service Level Specification (SLS) protocol logging facility

• sm-app: SM Protocol logging facility

• sms: Short Message Service (SMS) logging messages between the MS and the SMSC

• sndcp: Sub Network Dependent Convergence Protocol (SNDCP) logging facility

• snmp: SNMP logging facility

• sprmgr: IPCF Subscriber Policy Register (SPR) manager logging facility

• srdb: Static Rating Database

• srp: Service Redundancy Protocol (SRP) logging facility

• sscfnni: Service-Specific Coordination Function for Signaling at the Network Node Interface (SSCF-NNI) logging facility

• sscop: Service-Specific Connection-Oriented Protocol (SSCOP) logging facility

• ssh-ipsec: Secure Shell (SSH) IP Security logging facility

• ssl: Secure Socket Layer (SSL) message logging facility

• stat: Statistics logging facility

• supserv: Supplementary Services logging facility [H.323]

• system: System logging facility

• tacacsplus: TACACS+ Protocol logging facility

• tcap: TCAP Protocol logging facility

• testctrl: Test Controller logging facility

• testmgr: Test Manager logging facility

• threshold: threshold logging facility

• ttg: Tunnel Termination Gateway (TTG) logging facility

• tucl: TCP/UDP Convergence Layer (TUCL) logging facility

• udr: User Data Record (UDR) facility (used with the Charging Service)

• user-data: User data logging facility

• user-l3tunnel: User Layer 3 tunnel logging facility

• usertcp-stack: User TCP Stack

• vim: Voice Instant Messaging (VIM) logging facility

• vinfo: VINFO logging facility

• vmgctrl: Virtual Media Gateway (VMG) controller facility

• vmgctrl: VMG Content Manager facility

• vpn: Virtual Private Network logging facility

• wimax-data: WiMAX DATA

• wimax-r6: WiMAX R6

• wsg: Wireless Security Gateway (ASR 9000 Security Gateway)

• x2gw-app: X2GW (X2 proxy Gateway, eNodeB) application logging facility

• x2gw-demux: X2GW demux task logging facility

Trace logging is useful for quickly resolving issues for specific sessions that are currently active. They are temporary filters that are generated based on a qualifier that is independent of the global event log filter configured using the logging filter command in the Exec mode. Like event logs, however, the information generated by the logs is stored in the active memory buffer.

All debug level events associated with the selected call are stored.

Use the following example to configure trace logs in the Exec mode:

[local]host_name# logging trace { callid call_id | ipaddr ip_address | msid ms_id | username username }

Once all of the necessary information has been gathered, the trace log can be deleted by entering the following command:

[local]host_name# no logging trace { callid call_id | ipaddr ip_address | msid ms_id | username username }

Monitor logging records all activity associated with all of a particular subscriber's sessions. This functionality is available in compliance with law enforcement agency requirements for monitoring capabilities of particular subscribers.

Monitors can be performed based on a subscriber's MSID or username, and are only intended to be used for finite periods of time as dictated by the law enforcement agency. Therefore, they should be terminated immediately after the required monitoring period.

This section provides instructions for enabling and disabling monitor logs.

Logging configuration and statistics can be verified by entering the following command from the Exec mode:

[local]host_name# show logging [ active | verbose ]

When no keyword is specified, the global filter configuration is displayed as well as information about any other type of logging that is enabled.

The following table provides information] and descriptions of the statistics that are displayed when the verbose keyword is used.

Event logs generated by the system can be viewed in one of the following ways:

This section provides instructions for viewing event logs using the CLI. These instructions assume that you are at the root prompt for the Exec mode.

In the unlikely even of a software crash, the system stores information that could be useful in determining the reason for the crash. This information can be maintained in system memory or it can be transferred and stored on a network server.

The system supports the generation of the following two types of logs:

Event logging (evlogd) is a shared medium that captures event messages sent by StarOS facilities. When one or more facilities continuously and overwhelmingly keep sending a high volume of event messages, the remaining non-offender facilities are impacted. This scenario degrades system performance, especially as the number of facilities generating logs increases.

Rate-control of event message logging is handled in the Log Source path. Essentially, every second a counter is set to zero and is incremented for each log event that is sent to evlogd. If the count reaches a threshold before the second is up, the event is sent, queued or dropped (if the evlogd messenger queue is full).

When any facility exceeds the upper threshold set with this command for the rate of message logging and remains in the same state for prolonged interval, StarOS notifies the user via an SNMP trap or alarm.

A new threshold command allows a user to specify the percentage of facility event queue full. When this threshold is exceeded, an SNMP trap and alarm are generated that specifies the offending facility.

If a trigger condition occurs within the polling interval, the alert or alarm will not be generated until the end of the polling interval.

Both traps can be enabled or suppressed via the Global Configuration mode snmp trap command.

Checkpointing identifies logged data as previously viewed or marked. Checkpointing allows you to only display log information since the last checkpoint.

Individual logs may have up to 50,000 events in the active log. Checkpointing the logs results in at most 50,000 events being in the inactive log files. This gives a maximum of 100,000 events in total which are available for each facility logged.

You check point log data via the Exec mode logs checkpoint command to set the log contents to a well-known point prior to special activities taking place. This command may also be a part of periodic regular maintenance to manage log data.

Checkpointing logs moves the current log data to the inactive logs. Only the most recently check pointed data is retained in the inactive logs. A subsequent check pointing of the logs results in the prior check pointed inactive log data being cleared and replaced with the newly check pointed data. Checkpointed log data is not available for viewing.

Log files can be saved to a file in a local or remote location specified by a URL. Use the following Exec mode command to save log files:

save logs { url } [ active ] ] [ inactive ] [ callid call_id ] [event-verbosity evt_verboseness ] [ facility facility ] [level severity_level ] [ pdu-data pdu_format ] [ pdu-verbosity pdu_verboseness ] [ since from_date_time [ until to_date_time ] ] [ | { grep grep_options | more } ] 

For detailed information on the save logs command, see the Exec Mode Commands chapter in the Command Line Interface Reference.