Sunday, 7 February 2010

Configure Logging

In this post I will configure my switch to log to a syslog server on my mac (10.0.1.4)

switch1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch1(config)#logging trap debugging
switch1(config)#logging 10.0.1.4
switch1(config)#logging on


Switch1 now logs to a remote syslog server.

# tail -f /var/log/switch.log
Feb 7 15:11:55 10.0.1.210 35: 00:09:48: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/16, changed state to down
Feb 7 15:12:00 10.0.1.210 36: 00:09:53: %LINK-3-UPDOWN: Interface FastEthernet0/16, changed state to up
Feb 7 15:12:03 10.0.1.210 37: 00:09:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/16, changed state to up


A switch can also be configured to log to the buffer. Below I will configure Switch2 to log notification messages to the buffer. Finally I will use a show command to view the messages.

switch2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
switch2(config)#logging buffered notifications
switch2(config)#end

switch2#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
Console logging: level debugging, 23 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: level notifications, 1 messages logged
Exception Logging: size (4096 bytes)
File logging: disabled
Trap logging: level informational, 27 message lines logged

Log Buffer (4096 bytes):

00:37:19: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.1.4)



To configure the mac as a syslog server follow the instructions below.

1. Amend syslog.conf
# echo "local7.debug /var/log/switch.log" >> /etc/syslog.conf

2. Create new log file
# touch /var/log/switch.log

3. Change syslogd startup procedure by uncommenting the section (at the end) to accept remote logging in /System/Library/LaunchDaemons/com.apple.syslogd.plist

4. Restart syslogd
# launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
# launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

5. Allow syslog (/usr/bin/syslog) through the firewall.