Configuring Logging


Netvisor One logs all important activities that occur on the switch and fabrics created on them. Logging is enabled by default and is viewable using the CLI. You can also configure system logging to send syslog-formatted messages to other servers configured to receive them as part of centralized logging and monitoring.




Figure 1 - Netvisor One Switch with Syslog Server


There are three types of activities logged:


Log Type

Description

Event

Records action observed or performed by switches. Each Event type can be enabled or disabled. Events are collected on a best effort basis. If events occur too rapidly to be recorded, the event log is annotated with the number of events lost.


The following are examples of event types:


  • Port state changes
  • TCP connections
  • STP port changes

Audit

When an administrative change to the configuration is made, an audit log is recorded. An audit log consists of the command and parameters along with the success or failure indication. When a command fails, an error message is also recorded.

System

The system log records error conditions and conditions of interest.


There are four levels in the system log:


  • critical
  • error
  • warn
  • note

Perror

The perror log records messages on standard error output, describing the last error encountered.



Each log message includes the following information:


  • Category - event, audit, or system
  • Timestamp within a microsecond
  • Process name and process ID of the process producing the message
  • Unique message name
  • Unique five digit numerical message code
  • Message: additional message-specific parameters and explanation


A log message may include optional parameters, including associated VLAN, VXLAN, or switch port.An audit log message includes additional information:


  • User
  • Process ID
  • Client IP of the remote computer issuing the command


An event log also includes the event type.


The maximum number of repeated messages detected by Netvisor One is ten (10). After five seconds, if there are repeated messages, "Last X messages(s) repeated Y time(s)" is printed. If "X" and "Y" are both 1, then the message  is printed rather than "Last 1 message(s) repeated 1 time(s)". The log events are printed after a five (5) second delay.


To view event logs using the CLI, enter the following command:


CLI network-admin@Leaf1>log-event-show


category time                     name    code event-type port message

event    2013-06-04,13:12:18.304740 port_up 62   port       62   up

event    2013-06-04,13:12:18.304740 port_up 62   port       50   up

event    2013-06-04,13:12:18.304740 port_up 62   port       10   up

...

 

To view audit log entries, enter the following command:


CLI network-admin@Leaf1>log-audit-show


category time                       name    code user          message

audit    2013-06-04,13:12:18.304740 command 1101 network-admin Command create  id=b000011:! name=1 scope=fabric vrg=b000011:0 vlans=100 _mgr_id=b00001

audit    2013-06-04,13:12:18.304740 command 1101 network-admin Command create vrouter id=b000011:! name=1 scope=fabric vrg=b000011:0 vlans=100 _mgr_id=b00001

 

To view system log entries, use the following command:


CLI network-admin@Leaf1>log-system-show


time:           2013-09-17, 06:28:09.351514-07:00

name:           11006

level:          warn

time:           2013-09-17, 11:28:09.351514-07:00

name:           11006

level:          warn

time:           2013-09-17, 13:28:09.351514-07:00

name:           11006

level:          warn

 

Currently, accessing system log information may require assistance from TAC to retrieve the logs from Netvisor One. To enable log auditing in Netvisor One, use the following command:


CLI network-admin@Leaf1>log-admin-audit-modify enable|disable


To display auditing status, use the following command:


CLI network-admin@Leaf1>log-admin-audit-show


Modifying and Displaying Log Event Settings


By default, only system and port events are logged. Other logging is possible, and you can add other events using the log-event-settings-modify command. You can modify the way Netvisor One logs events by using the log-event-settings-modify command to remove or add log events.


For instance to remove logging of STP events, use the following command:


CLI network-admin@Leaf1>log-event-settings-modify no-stp


To display log event settings information, use the log-event-settings-show command.