Understanding Logging


Netvisor ONE logs all important activities that occur on the switches and fabrics created on them. Logging is enabled by default and can be viewed using the CLI. You can also configure system logging to send syslog-formatted messages to servers configured to receive them, as part of centralized logging and monitoring.


 


Figure 11-1 - Netvisor One Switch with Syslog Server

 

The following types of activities are logged:


Log Type

Description

Event

Records action observed or performed by switches. Each Event type can be enabled or disabled. Events are collected on a best effort basis. If events occur too rapidly to be recorded, the event log is annotated with the number of events lost.


The following are examples of event types:


  • Port state changes
  • TCP connections
  • STP port changes


Audit

When an administrative change to the configuration is made, an audit log is recorded. An audit log consists of the command and parameters along with the success or failure indication. When a command fails, an error message is also recorded.

System

The system log records error conditions and conditions of interest.

Perror

The Perror log records messages on standard error output, describing the last error encountered.


Each log message includes the following information:

 

  • Category - event, audit, or system
  • Timestamp within a microsecond
  • Process name and process ID of the process producing the message
  • Unique message name
  • Unique five digit numerical message code
  • Message: additional message-specific parameters and explanation

 

A log message consists of common parameters separated by spaces and a colon (:), optional parameters, another colon, and then the log-specific message. The optional parameters, which may include the associated VLAN, VXLAN, or switch ports, appear as key/value pairs.  An audit log message includes additional information:

 

  • User
  • Process ID
  • Client IP of the remote computer issuing the command

 

An event log also includes the event type.


For information about specific log events and their meaning, see the Netvisor ONE Log Messages Guide.

 

The maximum number of repeated messages detected by Netvisor ONE is ten (10). After five seconds, if Netvisor ONE detects repeated messages, then the log prints "Last X messages(s) repeated Y time(s)”. If the log message detects "X" and "Y" as both 1, then Netvisor ONE prints the message rather than "Last 1 message(s) repeated 1 time(s)". Log events are printed after a five (5) second delay.

 

Currently, accessing system log information may require assistance from TAC to retrieve the logs from Netvisor ONE. To enable log auditing in Netvisor ONE, use the following command:

 

CLI (network-admin@Leaf1) > log-admin-audit-modify enable|disable

 

Log auditing is disabled by default. To display auditing status, use the following command:


CLI (network-admin@Leaf1) > log-admin-audit-show

switch: Leaf1

enable: yes

 

Using Facility Codes with Log Messages


Netvisor ONE labels log messages with a facility code indicating the area of the software that generated the log message.


The following are the default facility codes:


  • Log_Daemon for events and system messages
  • Log_AUDIT for audit messages


The following severity levels are used by default:


  • Log_INFO = informational
  • Log_Critical = critical
  • Log_ERROR = error
  • Log_WARNING = warn
  • Log_NOTICE = note

north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south