Understanding Logging

NetVisor OS logs all important activities that occur on the switches and fabrics created on them. Logging is enabled by default and can be viewed using the CLI. You can also configure system logging to send syslog-formatted messages to servers configured to receive them, as part of centralized logging and monitoring.


Figure 11-1 - NetVisor OS Switch with Syslog Server


The following types of activities are logged:

Log Type - Description

Event - Records actions observed or performed by switches. Each event type can be enabled or disabled. Events are collected on a best-effort basis. If events occur too rapidly to be recorded, the event log is annotated with the number of events lost.

The following are examples of event types:

  • Port state changes
  • TCP connections
  • STP port changes

Audit - When an administrative change to the configuration is made, an audit log is recorded. An audit log consists of the command and parameters along with the success or failure indication. When a command fails, an error message is also recorded.

System - The system log records error conditions and conditions of interest.

Perror - The Perror log records messages on standard error output, describing the last error encountered.

Each log message includes the following information:


  • Category - event, audit, or system
  • Timestamp within a microsecond
  • Process name and process ID of the process producing the message
  • Unique message name
  • Unique five digit numerical message code
  • Message: additional message-specific parameters and explanation


A log message consists of common parameters separated by spaces and a colon (:), optional parameters, another colon, and then the log-specific message. The optional parameters, which may include the associated VLAN, VXLAN, or switch ports, appear as key/value pairs.

An audit log message includes additional information:


  • User
  • Process ID
  • Client IP of the remote computer issuing the command


An event log also includes the event type.

For information about specific log events and their meaning, see the NetVisor OS Log Messages Guide.


NetVisor OS detects a maximum of ten (10) repeated messages. Log events are printed after a five (5) second delay: if NetVisor OS detects repeated messages after five seconds, the log prints "Last X messages(s) repeated Y time(s)". If both X and Y are 1, NetVisor OS prints the message itself rather than "Last 1 message(s) repeated 1 time(s)".
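The message layout and the repeat notice described above can be handled by a small parser before the lines reach a SIEM. This is an added example, not NetVisor OS code: the order of the common parameters is an assumption, and the sample lines (message names, codes, key names) are constructed placeholders.

```python
import re

# Repeat notice as worded on this page; "message(s)" is accepted as well.
REPEAT_RE = re.compile(r"Last (\d+) messages?\(s\) repeated (\d+) time\(s\)")
# ASSUMED order of the common parameters: timestamp process(pid) category name(code)
COMMON_RE = re.compile(
    r"(?P<timestamp>\S+)\s+(?P<process>[^\s(]+)\((?P<pid>\d+)\)\s+"
    r"(?P<category>event|audit|system)\s+(?P<name>[^\s(]+)\((?P<code>\d{5})\)$"
)
# A field separator is a colon with whitespace on both sides.
SEP_RE = re.compile(r"(?<=\s):(?=\s)")

def parse_line(line):
    """Parse one log line into a dict; return None if it does not fit the layout."""
    line = line.strip()
    rep = REPEAT_RE.fullmatch(line)
    if rep:
        return {"repeat": True, "messages": int(rep.group(1)), "times": int(rep.group(2))}
    # maxsplit=2 keeps any later " : " inside the free-text message.
    parts = [p.strip() for p in SEP_RE.split(line, maxsplit=2)]
    if len(parts) != 3:
        return None
    common, optional, message = parts
    m = COMMON_RE.match(common)
    if not m:
        return None
    record = m.groupdict()
    record["pid"] = int(record["pid"])
    # Optional parameters are key/value pairs; tokens without "=" are ignored.
    record["params"] = dict(t.split("=", 1) for t in optional.split() if "=" in t)
    record["message"] = message
    return record

# Constructed sample lines: message names, codes and key names are placeholders.
SAMPLE = [
    "2024-05-01,10:02:56.217049-07:00 nvOSd(1234) event example_event(10001) : "
    "event-type=port port=12 vlan=100 : state change : port 12 up",
    "2024-05-01,10:03:01.000012-07:00 nvOSd(1234) audit example_command(10002) : "
    "user=network-admin client-addr=192.0.2.10 : vlan-create id 100",
    "2024-05-01,10:03:02.500000-07:00 nvOSd(1234) system example_note(10003) :  : no optional parameters",
    "Last 3 messages(s) repeated 2 time(s)",
]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(parse_line(raw))
```

Lines that return None do not fit the assumed layout and are best kept raw rather than dropped, so that malformed or truncated entries remain visible to whoever reviews the logs.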


Currently, retrieving system log information from NetVisor OS may require assistance from TAC.

To enable log auditing in NetVisor OS, use the following command:


CLI (network-admin@Leaf1) > log-admin-audit-modify enable|disable


Log auditing is disabled by default. To display auditing status, use the following command:

CLI (network-admin@Leaf1) > log-admin-audit-show

switch: Leaf1
enable: yes


Using Facility Codes with Log Messages

NetVisor OS labels log messages with a facility code indicating the area of the software that generated the log message.

The following are the default facility codes:

  • Log_Daemon for events and system messages
  • Log_AUDIT for audit messages

The following severity levels are used by default:

  • Log_INFO = informational
  • Log_Critical = critical
  • Log_ERROR = error
  • Log_WARNING = warn
  • Log_NOTICE = note