On Viptela devices, you can log event notification system log (syslog) messages to files on the local device, or you can log them to files on a remote host.
Log Syslog Messages on the Local Device
Logging to the local device's hard disk of syslog messages with a priority level of "information" is enabled by default. The log files are placed in the local /var/log directory. By default, log files are 10 MB in size, and up to 10 files are stored. After 10 files have been created, the oldest one is discarded to create a file for newer syslog messages.
To modify the syslog default parameters on a Viptela device:
Viptela(config)# system logging disk Viptela(config-logging-disk)# enable Viptela(config-logging-disk)# file rotate number size megabytes Viptela(config-logging-disk)# priority priority
By default, 10 syslog files are created. In the rotate command, you can configure this to be a number from 1 through 10.
By default, syslog files are 10 MB. You can configure this to be from 1 to 20 MB.
The priority indicates the severity of syslog messages to save. The default priority value is "informational", so by default, all syslog messages are recorded. The priority level can be one of the following (in order of decreasing severity):
- emergency—System is unusable (corresponds to syslog severity 0).
- alert— Action must be taken immediately (corresponds to syslog severity 1).
- critical—A serious condition (corresponds to syslog severity 2).
- error—An error condition that does not fully impair system usability (corresponds to syslog severity 3).
- warn—A minor error condition (corresponds to syslog severity 4).
- normal—A normal, but significant condition (corresponds to syslog severity 5).
- information—Routine condition (the default) (corresponds to syslog severity 6).
To disable the logging of syslog messages to the local disk, use the no system logging disk enable command.
Log Syslog Messages to a Remote Device
To log event notification syslog messages to a remote host, configure information about the server:
Viptela(config)# system logging server (dns-name | hostname | ip-address) Viptela(config-logging-server)# vpn vpn-id Viptela(config-logging-server)# priority priority Viptela(config-logging-server)# source-interface interface-name
Configure the server's name by DNS name, hostname, or IP address. You can configure up to four syslog servers.
You can optionally specify the VPN in which the syslog server is located or through which it can be reached.
You can optionally specify the outgoing interface to use to reach the syslog server. The interface name can be a physical interface or a subinterface (a VLAN-tagged interface). The interface must be located in the same VPN as the syslog server. Otherwise, the configuration is ignored. If you configure multiple syslog servers, the source interface must be the same for all of them.
You configure the priority of the syslog messages to send to the server, as described above.
Viptela devices send syslog messages to syslog servers using UDP. TCP is not supported.
If the syslog server is unreachable, the Viptela device suspends the sending of syslog messages for 180 seconds (3 minutes). If the server is once again reachable, logging resumes. If not, the Viptela device waits another 180 seconds.
By default, syslog messages are also always logged to the local hard disk. To disable local logging, use the no system logging disk enable command.
Display Logging Information
To display the configured system logging settings, use the show logging command. For example:
vEdge# show logging System logging to in vpn 0 is disabled Priority for host logging is set to: info System logging to disk is enabled Priority for disk logging is set to: info File name for disk logging is set to: /var/log/vsyslog File size for disk logging is set to: 10 MB File recycle count for disk logging is set to: 10 Syslog facility is set to: local7
To display the contents of a syslog file, use the show log command. For example:
vEdge# show log auth.log tail 10 ==> /var/log/auth.log <== auth.info: Nov 14 14:33:35 vedge sshd: Accepted publickey for admin from 10.0.1.1 port 39966 ssh2: RSA SHA256:pkFQ5wE//DmiA0d0JU1rOt91CMTVGkscm9wLSYQrI1s auth.info: Nov 14 14:39:42 vedge sshd: Received disconnect from 10.0.1.1 port 39966:11: disconnected by user auth.info: Nov 14 14:39:42 vedge sshd: Disconnected from 10.0.1.1 port 39966 auth.info: Nov 16 10:51:45 vedge sshd: Accepted publickey for admin from 10.0.1.1 port 40012 ssh2: RSA SHA256:pkFQ5wE//DmiA0d0JU1rOt91CMTVGkscm9wLSYQrI1s auth.info: Nov 16 11:21:55 vedge sshd: Received disconnect from 10.0.1.1 port 40012:11: disconnected by user auth.info: Nov 16 11:21:55 vedge sshd: Disconnected from 10.0.1.1 port 40012 auth.info: Nov 17 12:59:52 vedge sshd: Accepted publickey for admin from 10.0.1.1 port 40038 ssh2: RSA SHA256:pkFQ5wE//DmiA0d0JU1rOt91CMTVGkscm9wLSYQrI1s auth.info: Nov 17 13:45:13 vedge sshd: Received disconnect from 10.0.1.1 port 40038:11: disconnected by user auth.info: Nov 17 13:45:13 vedge sshd: Disconnected from 10.0.1.1 port 40038 auth.info: Nov 17 14:47:31 vedge sshd: Accepted publickey for admin from 10.0.1.1 port 40040 ssh2: RSA SHA256:pkFQ5wE//DmiA0d0JU1rOt91CMTVGkscm9wLSYQrI1s
In vManage NMS, to display device syslog files to help in debugging:
- In the Administration ► Settings screen, ensure that Data Stream is enabled.
- From the Monitor ► Network screen, select the vEdge router.
- Click Troubleshooting in the left pane.
- From the Logs pane, click Debug Log.
- In the Log Files field, select the name of the log file. The lower part of the screen displays the log information.
System Log Files
Syslog messages at or above the default or configured priority value are recorded in a number of files in the /var/log directory on the local device. These files include the following:
- auth.log—Login, logout, and superuser access events, and usage of authorization systems.
- kern.log—Kernel messages.
- messages—Consolidated log file that contains syslog messages from all sources.
- vconfd—All configuration-related syslog messages.
- vdebug—All debug messages for modules whose debugging is turned on and all syslog messages above the configured priority value. Debug logging supports various levels of logging based on the module. Different modules implement the logging levels differently. For example, the system manager (sysmgr) has two logging levels (on and off), while the chassis manager (chmgr) has four different logging levels (off, low, normal, and high). You cannot send debug messages to a remote host. To enable debugging, use the debug operational command.
- vsyslog—All syslog messages from Viptela processes (daemons) above the configured priority value. The default priority value is "informational", so by default, all "notice", "warning", "error", "critical", "alert", and "emergency" syslog messages are saved.
The Viptela software does not use the following standard LINUX files, which are present in /var/log, for logging: cron.log, debug, lpr.log, mail.log, and syslog.
The writing of messages to syslog files is not rate-limited. This means that if many syslog messages are generated in a short amount of time, the overflow messages are buffered and placed in a queue until they can be written to a syslog file. The overflow messages are not dropped.
For repeating syslog messages—identical messages that occur multiple times in succession—only one copy of the message is placed in the syslog file. The message is annotated to indicate the number of times that the message occurred.
The maximum length of a log message is 1024 bytes. Longer messages are truncated.
Syslog messages related to AAA authentication and Netconf CLI access and usage are placed in the auth.log and messages files. Each time a vManage NMS logs in to a vEdge router to retrieve statistics and status information and to push files to the router, the router generates AAA and Netconf log messages. So, over time, these message can fill the log files. To prevent these messages from filling the log files, you can disable the logging of AAA and Netconf syslog messages:
Viptela(config)# system aaa logs Viptela(config-logs)# audit-disable Viptela(config-logs)# netconf-disable
Syslog message generated by the Viptela software have the following format:
facility.source date - source - module - level - MessageID: text-of-syslog-message
Here is an example of a syslog message. In the file, this message is on a single line. This message has the facility name of local7, which is the name used for all Viptela processes, and a priority of "info".
local7.info: Apr 3 13:40:31 vsmart SYSMGR: %Viptela-vsmart-sysmgrd-6-INFO-1400002: Notification : 4/3/2017 20:40:31 system-login-change severity-level:minor host-name:"vm1" system-ip:172.16.255.11 user-name:"admin" user-id:162