Troubleshooting > Debug/syslog operation

  

 next

Debug/syslog operation

While the Event Log records switch-level progress, status, and warning messages on the switch, the debug/system logging (syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.

Debug/syslog messaging

The debug/syslog feature allows you to specify the types of Event Log and debug messages that you want to send to an external device. You can perform the following operations:

  • Use the debug commandto configure messaging reports for the following event types:

    • ACL "deny" matches

    • Dynamic ARP protection events

    • DHCP snooping events

    • DIPLD events

    • Events recorded in the switch's Event Log

    • IP routing events (IPv4 and IPv6)

    • LLDP events

    • SNMP events

    • SSH events

    • Wireless services events

    		  

  • Use the logging commandto select a subset of Event Log messages to send to an external device for debugging purposes according to:

    • Severity level

    • System module

    		  

Hostname in syslog messages

The syslog now messages the sender identified by hostname.

The hostname field identifies the switch that originally sends the syslog message. Configurable through the CLI and SNMP, the format of the hostname field supports the following formats:

  • ip-address: The IP address of the sending interface will be used as the message origin identifier. This is the default format for the origin identifier. The IP address of the sending interface (in dotted decimal notation) is the default format.

  • hostname: The hostname of the sending switch will be used as the message origin identifier.

  • none: No origin identifier will be embedded in the syslog message. Nilvalue is used as defined by “-“.

This configuration is system-wide, not per syslog server.
[NOTE: ]

NOTE: There is no support in this feature for menu interface, WebUI or a fully qualified domain name. There are no changes in this feature to PCM or IDM. There are no new log events added in this feature.

Logging origin-id

Use the logging origin-id command to specify the content for the hostname field.

Syntax:

logging origin-id [ip-address|hostname|none]

[no]logging origin-id [ip-address|hostname|none]

To reset the hostname field content back to default (IP-address), use the no form of the command.

filter

Creates a filter to restrict which events are logged.

IP-ADDR

Adds an IPv4 address to the list of receiving syslog servers.

IPV6-ADDR

Adds an IPv6 address to the list of receiving syslog servers.

origin-id

Sends the Syslog messages with the specified origin-id.

notify

Notifies the specified type sent to the syslog server(s).

priority-descr

A text string associated with the values of facility, severity, and system-module.

severity

Event messages of the specified severity or higher sent to the syslog server.

system-module

Event messages of the specified system module (subsystem) sent to the syslog server.

hostname

Sets the hostname of the device as the origin-id.

none

Disables origin-id in the syslog message.

Add an IP address to the list of receiving syslog servers.

Use of no without an IP address specified will remove all IP addresses from the list of syslog receivers. If an IP address is specified, that receiver will be removed. Both link-local with zone ID and global IPv6 addresses are supported.

  • Specify syslog server facility with the option <facility>. The command no logging <facility> sets the facility back to defaults.

  • Specify filtering rules.

  • Specify severity for event messages to be filtered to the syslog server with the option <severity>. The command no logging <severity> sets the severity back to default.

  • Event messages of specified system module will be sent to the syslog server. Using no sends messages from all system modules. Messages are first filtered by selected severity.

  • Specify syslog server transport layer with options [udp]|[tcp]|[tls].

  • Specify syslog server port number with options [udp PORT-NUM]|[tcp PORT-NUM]|[tls PORT-NUM].

  • Specify notification types to be sent to the syslog server.

  • Use the option transmission-interval to control the egress rate limit for transmitting notifications, 0 value means there is no rate limit. The values are in seconds. Only one syslog message is allowed for transmission within specified time interval.

  • Specify the origin information for the syslog messages with the option origin-id.
[NOTE: ]

NOTE: When the syslog server receives messages from the switch, the IPv6 address of the switch is partly displayed.

Example:

Configured Host Ipv6 Address: 2001::1

Expected Syslog message:

Syslog message: USER.INFO: Oct 11 02:40:02 2001::1 00025 ip:
ST1CMDR: VLAN60: ip address 30.1.1.1/24 configured on vlan 60

Actual Truncated syslog message:

Syslog message: USER.INFO: Oct 11 02:40:02 2001:: 00025 ip: ST1CMDR:
VLAN60: ip address 30.1.1.1/24 configured on vlan 60

Use the command in Setting the origin-id to the hostname to set the origin-id to the hostname.

Setting the origin-id to the hostname

HP Switch(config)# logging origin-id hostname

The following syslog message will occur:

<14> Jan 1 00:15:35 HP-2910al-24G 00076 ports: port 2 is now on-line

Use the command in Setting the origin-id to none (nilvalue) to set the origin-id to none (nilvalue).

Setting the origin-id to none (nilvalue)

HP Switch(config)# logging origin-id none

The following syslog message will occur:

<14> Jan 1 00:15:35 - 00076 ports: port 2 is now on-line

Use any of the commands in Setting the origin-id to ip-address (default) to set the origin-id to ip-address (default).

Setting the origin-id to ip-address (default)

HP Switch(config)# logging origin-id ip-address

HP Switch(config)# no logging origin-id hostname

HP Switch(config)# no logging origin-id none

The following syslog message will occur:

<14> Jan 1 00:15:35 169.254.230.236 00076 ports: port 2 is now on-line

Viewing the identification of the syslog message sender

Use the commands show debug or show running-config to display the identification of the syslog message sender. The default option for origin-id is ip-address. The command show running-config will not display the configured option when origin-id is set to the default value of ip address.

When hostname or none is configured using logging origin-id, the same displays as part of the show running-config command.

Syntax:

show debug

Default option is ip-address.

Output of the show debug command when configured without login origin-id shows the output of the show debug command when configured without loggin origin-id.

Output of the show debug command when configured without login origin-id

Debug Logging
  Origin identifier: Outgoing Interface IP
  Destination:     None

Enabled debug types:
  None are enabled.

The command logging origin-id hostname will produce the syslog message shown in Syslog message for logging origin-id hostname.

Syslog message for logging origin-id hostname

Debug Logging
  Origin identifier: Hostname
  Destination:    None

Enabled debug types:
  None are enabled.

The command logging origin-id none will produce the syslog message shown in Syslog message for logging origin-id none.

Syslog message for logging origin-id none

Debug Logging
  Origin identifier: none
  Destination:    None

Enabled debug types:
  None are enabled.
Syntax:

show running-config

Output of the show running-config command shows the output of the show running-config command.

Output of the show running-config command

The command logging 

origin-id hostname will display the 
following:
logging origin-id hostname

The command logging origin-id none will display as the following:

logging origin-id none

SNMP MIB

SNMP support will be provided through the following MIB objects.

HpicfSyslogOriginId = textual-convention

Description

This textual convention enumerates the origin identifier of syslog message.

Syntax: integer

  • ip-address

  • hostname

  • none

Status

  • current

hpicfSyslogOriginId OBJECT-TYPE

Description

Specifies the content of a Hostname field in the header of a syslog message.

Syntax:

  • HpicfSyslogOriginId

Max-access

  • read-write

Status

  • current

Default

  • ip-address

Debug/syslog destination devices

To use debug/syslog messaging, you must configure an external device as the logging destination by using the logging and debug destination commands. For more information, see Debug destinations and Configuring a syslog server.

A debug/syslog destination device can be a syslog server and/or a console session. You can configure debug and logging messages to be sent to:

  • Up to six syslog servers

  • A CLI session through a direct RS-232 console connection, or a Telnet or SSH session

Debug/syslog configuration commands

Event notification logging

Automatically sends switch-level event messages to the switch's Event Log. Debug and syslog do not affect this operation, but add the capability of directing Event Log messaging to an external device.

logging command

 <syslog-ip-addr>

Enables syslog messaging to be sent to the specified IP address. IPv4 and IPv6 are supported.
  facility

(Optional) The logging facility command specifies the destination (facility) subsystem used on a syslog server for debug reports.
  priority-desc

A text string associated with the values of facility, severity, and system-module.
  severity

Sends Event Log messages of equal or greater severity than the specified value to configured debug destinations. (The default setting is to send Event Log messages from all severity levels.)

debug Command

 acl

Sends ACL syslog logging to configured debug destinations. When there is a match with a "deny" statement, directs the resulting message to the configured debug destinations.
  all

Sends debug logging to configured debug destinations for all ACL, Event Log, IP-OSPF, and IP-RIP options.
  cdp

Displays CDP information.
  destination

logging: Disables or re-enables syslog logging on one or more syslog servers configured with the logging syslog-ip-addr command.

session: Assigns or re-assigns destination status to the terminal device that was most recently used to request debug output.

buffer: Enables syslog logging to send the debug message types specified by the debug <debug-type> command to a buffer in switch memory.
  event

Sends standard Event Log messages to configured debug destinations. (The same messages are also sent to the switch's Event Log, regardless of whether you enable this option.)
  ip

fib: Displays IP Forwarding Information Base messages and events.

forwarding: Sends IPv4 forwarding messages to the debug destinations.

packet: Sends IPv4 packet messages to the debug destinations.

pim [packet [filter source <ip-addr> | vlan <vid>> ]]

: Enables or disables tracing of PIM messages.

Note: When PIM debugging is enabled, the following message displays:

PIM Debugging can be extremely CPU intensive when run
on a device with an existing high CPU load or on a switch
with more than 10 PIM-enabled VLANs. In high load
situations, the switch may suffer from protocol
starvation, high latency, or even reload. When debugging
a switch with more than 10 PIM-enabled VLANs, the 

“vlan”
option in 

“debug ip pim packet” should be utilized.
Debugging should only be used temporarily while
troubleshooting problems. Customers are advised to
exercise caution when running this command in a highstress
production network.

rip: Sends RIP event logging to the debug destinations.
  ipv6

dhcpv6-client: Sends DHCPv6 client debug messages to the configured debug destination.

dhcpv6-relay: Sends DHCPv6 relay debug messages to the configured debug destination.

forwarding: Sends IPv6 forwarding messages to the debug destination(s)

nd: Sends IPv6 debug messages for IPv6 neighbor discovery to the configured debug destinations.
  lldp

Sends LLDP debug messages to the debug destinations.
  security

Sends security messages to the debug destination.
  services

Displays debug messages on the services module.
  snmp

Sends snmp messages to the debug destination.

Using the Debug/Syslog feature, you can perform the following operations:

  • Configure the switch to send Event Log messages to one or more Syslog servers. In addition, you can configure the messages to be sent to the User log facility (default) or to another log facility on configured Syslog servers.

  • Configure the switch to send Event Log messages to the current management- access session (serial-connect CLI, Telnet CLI, or SSH).

  • Disable all Syslog debug logging while retaining the Syslog addresses from the switch configuration. This allows you to configure Syslog messaging and then disable and re-enable it as needed.

  • Display the current debug configuration. If Syslog logging is currently active, the list f configured Syslog servers is displayed.

  • Display the current Syslog server list when Syslog logging is disabled.

Configuring debug/syslog operation

  1. To use a syslog server as the destination device for debug messaging, follow these steps:

    1. Enter the logging <syslog-ip-addr> command at the global configuration level to configure the syslog server IP address and enable syslog logging. Optionally, you may also specify the destination subsystem to be used on the syslog server by entering the logging facility command.

      If no other syslog server IP addresses are configured, entering the logging command enables both debug messaging to a syslog server and the event debug message type. As a result, the switch automatically sends Event Log messages to the syslog server, regardless of other debug types that may be configured.

    2. Re-enter the logging command in step "a" to configure additional syslog servers. You can configure up to a total of six servers. (When multiple server IP addresses are configured, the switch sends the debug message types that you configure in step “Step 3” to all IP addresses.)

  2. To use a CLI session on a destination device for debug messaging:

    1. Set up a serial, Telnet, or SSH connection to access the switch's CLI.

    2. Enter the debug destination session command at the manager level.

  3. Enable the types of debug messages to be sent to configured syslog servers, the current session device, or both by entering the debug <debug-type> command and selecting the desired options.

    Repeat this step if necessary to enable multiple debug message types.

    By default, Event Log messages are sent to configured debug destination devices. To block Event Log messages from being sent, enter the no debug event command.

  4. If necessary, enable a subset of Event Log messages to be sent to configured syslog servers by specifying a severity level, a system module, or both using the following commands

    HP Switch(config)# logging severity <debug | major | error | warning | info>
HP Switch(config)# logging system-module 
<

system-module>

    To display a list of valid values for each command, enter logging severity or logging system-module followed by ? or pressing the Tab key.

    The severity levels in order from the highest to lowest severity are major, error, warning, info, and debug. For a list of valid values for the logging system-module <system-module> command, see Event Log system modules .

  5. If you configure system-module, severity-level values, or both to filter Event Log messages, when you finish troubleshooting, you may want to reset these values to their default settings so that the switch sends all Event Log messages to configured debug destinations (syslog servers, CLI session, or both).

    To remove a configured setting and restore the default values that send all Event Log messages, enter one or both of the following commands:

    HP Switch(config)# no logging severity <debug | major | error | warning | info>
HP Switch(config)# no logging system-module 
<

system-module>
[CAUTION: ]

CAUTION: If you configure a severity-level, system-module, logging destination, or logging facility value and save the settings to the startup configuration (For example, by entering the write memory command), the debug settings are saved after a system reboot (power cycle or reboot) and re-activated on the switch. As a result, after switch startup, one of the following situations may occur:

  • Only a partial set of Event Log messages may be sent to configured debug destinations.

  • Messages may be sent to a previously configured syslog server used in an earlier debugging session.

Viewing a debug/syslog configuration

Use the show debug command to display the currently configured settings for:

  • Debug message types and Event Log message filters (severity level and system module) sent to debug destinations

  • Debug destinations (syslog servers or CLI session) and syslog server facility to be used

Syntax:

show debug

Displays the currently configured debug logging destinations and message types selected for debugging purposes. (If no syslog server address is configured with the logging <syslog-ip-addr> command, no show debug command output is displayed.)

Output of the show debug command

HP Switch(config)# show debug

 Debug Logging
  Destination:
   Logging --
    10.28.38.164
    Facility=kern
    Severity=warning
    System module=all-pass
   Enabled debug types:
    event
Example:

In the following Example:, no syslog servers are configured on the switch (default setting). When you configure a syslog server, debug logging is enabled to send Event Log messages to the server. To limit the Event Log messages sent to the syslog server, specify a set of messages by entering the logging severity and logging system-module commands.

Syslog configuration to receive event log messages from specified system module and severity levels

Syslog configuration to receive event log messages from specified system module and severity levels

As shown at the top of Syslog configuration to receive event log messages from specified system module and severity levels, if you enter the show debug command when no syslog server IP address is configured, the configuration settings for syslog server facility, Event Log severity level, and system module are not displayed. However, after you configure a syslog server address and enable syslog logging, all debug and logging settings are displayed with the show debug command.

If you do not want Event Log messages sent to syslog servers, you can block the messages from being sent by entering the no debug event command. (There is no effect on the normal logging of messages in the switch's Event Log.)

Example:

The next Example: shows how to configure:

  • Debug logging of ACL and IP-OSPF packet messages on a syslog server at 18.38.64.164 (with user as the default logging facility).

  • Display of these messages in the CLI session of your terminal device's management access to the switch.

  • Blocking Event Log messages from being sent from the switch to the syslog server and a CLI session.

To configure syslog operation in these ways with the debug/syslog feature disabled on the switch, enter the commands shown in Debug/syslog configuration for multiple debug types and multiple destinations.

Debug/syslog configuration for multiple debug types and multiple destinations

Debug/syslog configuration for multiple debug types and multiple destinations

Debug command

At the manager level, use the debug command to perform two main functions:

  • Specify the types of event messages to be sent to an external destination.

  • Specify the destinations to which selected message types are sent.

By default, no debug destination is enabled and only Event Log messages are enabled to be sent.
[NOTE: ]

NOTE: To configure a syslog server, use the logging <syslog-ip-addr> command. For more information, see Configuring a syslog server.

Debug messages

Syntax:

[no] debug <debug-type>

acl

When a match occurs on an ACL "deny" ACE (with log configured), the switch sends an ACL message to configured debug destinations. For information on ACLs, see the "Access Control Lists (ACLs)" chapter in the latest version of the following guides:

  • IPv4 ACLs: Access Security Guide

  • IPv6 ACLs: IPv6 Configuration Guide
[NOTE: ]

NOTE: ACE matches (hits) for permit and deny entries can be tracked using the show statistics <aclv4|aclv6> command.

(Default: Disabled—ACL messages for traffic that matches "deny" entries are not sent.)
all

Configures the switch to send all debug message types to configured debug destinations.

(Default: Disabled—No debug messages are sent.)
cdp

Sends CDP information to configured debug destinations.
destination

logging—Disables or re-enables syslog logging on one or more syslog servers configured with the logging <syslog-ip-addr> command.

session—Assigns or re-assigns destination status to the terminal device that was most recently used to request debug output.

buffer—Enables syslog logging to send the debug message types specified by the debug <debug-type> command to a buffer in switch memory.
event

Configures the switch to send Event Log messages to configured debug destinations.
[NOTE: ]

NOTE: This value does not affect the reception of event notification messages in the Event Log on the switch.

Event Log messages are automatically enabled to be sent to debug destinations in these conditions:

  • If no syslog server address is configured and you enter the logging <syslog-ip-addr> command to configure a destination address.

  • If at least one syslog server address is configured in the startup configuration, and the switch is rebooted or reset.

Event log messages are the default type of debug message sent to configured debug destinations.

ip [ fib | forwarding | [packet] | [rip]]

Sends IP messages to configured destinations.
 

ip [fib[events]]

For the configured debug destinations:

events—Sends IP forwarding information base events.
 

ip [rip[ database | event | trigger ]]

rip <database | event | trigger>

—Enables the specified RIP message type for the configured destination(s).

database—Displays database changes.

event—Displays RIP events.

trigger—Displays trigger messages.

ipv6 [ dhcpv6-client | dhcpv6-relay | nd | packet ]
[NOTE: ]

NOTE: See the "IPv6 Diagnostic and Troubleshooting" chapter in the IPv6 Configuration Guide for your switch for more detailed IPv6 debug options.

When no debug options are included, displays debug messages for all IPv6 debug options.

dhcpv6-client [ events | packet ]

—Displays DHCPv6 client event and packet data.

dhcpv6-relay [ events | packet ]

—Displays DHCPv6 relay event and relay packet data.

nd—Displays debug messages for IPv6 neighbor discovery.

packet—Displays IPv6 packet messages.
lldp

Enables all LLDP message types for the configured destinations.

security [ arp-protect | dhcp-snooping | dynamic-ip-lockdown | port-access | port-security | radius-server | ssh | tacacs-server | user-profile-mib ]

arp-protect— Sends dynamic ARP protection debug messages to configured debug destinations.

dhcp-snooping—Sends DHCP snooping debug messages to configured debug destinations.

agent—Displays DHCP snooping agent messages.

event—Displays DHCP snooping event messages.

packet—Displays DHCP snooping packet messages.

dynamic-ip-lockdown—Sends dynamic IP lockdown debug messages to the debug destination.

port-access—Sends port-access debug messages to the debug destination.

radius-server—Sends RADIUS debug messages to the debug destination.

ssh—Sends SSH debug messages at the specified level to the debug destination. The levels are fatal, error, info, verbose, debug, debug2, and debug3.

tacacs-server—Sends TACACS debug messages to the debug destination.

user-profile-mib—Sends user profile MIB debug messages to the debug destination.

snmp <pdu>

Displays the SNMP debug messages.

pdu—Displays SNMP pdu debug messages.

Filtering debug messages by debug type

Debug message filtering provides the ability to filter debug messages by debug type. Multiple debug filters can be applied to a debug type.

Syntax:

[no] debug <debug type> include [ ip ip-addr list | port <port-list> | vlan <vid-list> ]

Enables or disables debug message filtering for a debug type. The filter types are:

IPv4 or IPv6 address list Port list VLAN list

Default: Disabled

Setting an SNMP event filter for an IP address

HP Switch(config)# debug snmp event include ip 10.10.10.1

HP Switch(config)# show debug

 Debug Logging

  Destination: Session

  Enabled debug types:
   snmp trap include ip 10.10.10.1

Setting an IP RIP filter for port A4

HP Switch(config)# debug ip rip database include port A4

HP Switch(config)# show debug

 Debug Logging

  Destination: Session

  Enabled debug types:
   ip rip database include port A4
   snmp trap include ip 10.10.10.1

Setting a filter for fatal SSH messages on a VLAN

HP Switch(config)# debug ssh fatal include vlan 2

HP Switch(config)# show debug

 Debug Logging

  Destination: Session

  Enabled debug types:
   ip rip database include port A4
   snmp trap include ip 10.10.10.1
   ssh (fatal) include vlan 2

Debug destinations

Use the debug destination command to enable (and disable)syslog messaging on a syslog server or to a CLI session for specified types of debug and Event Log messages.

Syntax:

[no] debug destination <logging | session | buffer>

logging

Enables syslog logging to configured syslog servers so that the debug message types specified by the debug <debug-type> command (see Debug messages) are sent.

(Default: Logging disabled)

To configure a syslog server IP address, see Configuring a syslog server.
[NOTE: ]

NOTE: Debug messages from the switches covered in this guide have a debug severity level. Because the default configuration of some syslog servers ignores syslog messages with the debug severity level, ensure that the syslog servers you want to use to receive debug messages are configured to accept the debug level. For more information, see Operating notes for debug and Syslog.
session

Enables transmission of event notification messages to the CLI session that most recently executed this command. The session can be on any one terminal emulation device with serial, Telnet, or SSH access to the CLI at the Manager level prompt (HP Switch#_).

If more than one terminal device has a console session with the CLI, you can redirect the destination from the current device to another device. Do so by executing debug destination session in the CLI on the terminal device on which you now want to display event messages.

Event message types received on the selected CLI session are configured with the debug <debug-type> command.
buffer

Enables syslog logging to send the debug message types specified by the debug <debug-type> command to a buffer in switch memory.

To view the debug messages stored in the switch buffer, enter the show debug buffer command.

Logging command

At the global configuration level, the loggingcommand allows you to enable debug logging on specified syslog servers and select a subset of Event Log messages to send for debugging purposes according to:

  • Severity level

  • System module

By specifying both a severity level and system module, you can use both configured settings to filter the Event Log messages you want to use to troubleshoot switch or network error conditions.
[CAUTION: ]

CAUTION: After you configure a syslog server and a severity level and/or system module to filter the Event Log messages that are sent, if you save these settings to the startup configuration file by entering the write memory command, these debug and logging settings are automatically re-activated after a switch reboot or power recycle. The debug settings and destinations configured in your previous troubleshooting session will then be applied to the current session, which may not be desirable.

After a reboot, messages remain in the Event Log and are not deleted. However, after a power recycle, all Event Log messages are deleted.

If you configure a severity level, system module, or both to temporarily filter Event Log messages, be sure to reset the values to their default settings by entering the no form of the following commands to ensure that Event Log messages of all severity levels and from all system modules are sent to configured syslog servers:

HP Switch(config)# no logging severity <debug | major | error | warning | info>
HP Switch(config)# no logging system-module <

system-module>

Configuring a syslog server

Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with syslog server software. Messages sent to a syslog server can be stored to a file for later debugging analysis.

To use the syslog feature, you must install and configure a syslog server application on a networked host accessible to the switch. For instructions, see the documentation for the syslog server application.

To configure a syslog service, use the logging <syslog-ip-addr> command as shown below.

When you configure a syslog server, Event Log messages are automatically enabled to be sent to the server. To reconfigure this setting, use the following commands:

To display the currently configured syslog servers as well as the types of debug messages and the severity-level and system-module filters used to specify the Event Log messages that are sent, enter the show debug command (See Debug/syslog configuration commands).

Syntax:

[no] logging <syslog-ip-addr>

Enables or disables syslog messaging to the specified IP address. You can configure up to six addresses. If you configure an address when none are already configured, this command enables destination logging (syslog) and the Event debug type. Therefore, at a minimum, the switch begins sending Event Log messages to configured syslog servers. The ACL, IP-OSPF, and/or IP-RIP message types are also sent to the syslog servers if they are currently enabled as debug types. (See Debug messages.)

no logging

Removes all currently configured syslog logging destinations from the running configuration.

Using this form of the command to delete the only remaining syslog server address disables debug destination logging on the switch, but the default Event debug type does not change.
no logging <syslog-ip-address>

Removes only the specified syslog logging destination from the running configuration.

Removing all configured syslog destinations with the no logging command (or a specified syslog server destination with the no logging <syslog-ip-address> command) does not delete the syslog server IP addresses stored in the startup configuration.

Deleting syslog addresses in the startup configuration

Enter a no logging command followed by the write memory command.

Verifying the deletion of a syslog server address

Display the startup configuration by entering the show config command.

Blocking the messages sent to configured syslog servers from the currently configured debug message type

Enter the no debug <debug-type> command. (See Debug messages.)

Disabling syslog logging on the switch without deleting configured server addresses

Enter the no debug destination logging command. Note that, unlike the case in which no syslog servers are configured, if one or more syslog servers are already configured and syslog messaging is disabled, configuring a new server address does not re-enable syslog messaging. To re-enable syslog messaging, you must enter the debug destination logging command.

Sending logging messages using TCP

Syntax:

[no] logging <ip-addr> [ udp 1024-49151 | tcp 1024-49151 ]

Allows the configuration of the UDP or TCP transport protocol for the transmission of logging messages to a syslog server.

Specifying a destination port with UDP or TCP is optional.

Default ports: UDP port is 514

TCP port is 1470

Default Transport Protocol: UDP

Because TCP is a connection-oriented protocol, a connection must be present before the logging information is sent. This helps ensure that the logging message will reach the syslog server. Each configured syslog server needs its own connection. You can configure the destination port that is used for the transmission of the logging messages.

Configuring TCP for logging message transmission using the default port

HP Switch(config)# logging 192.123.4.5 tcp

(Default TCP port 1470 is used.)

Configuring TCP for logging message transmission using a specified port

HP Switch(config)# logging 192.123.4.5 9514

(TCP port 9514 is used.)

Configuring UDP for logging message transmission using the default port

HP Switch(config)# logging 192.123.4.5 udp

(Default UDP port 514 is used.)

Configuring UDP for logging message transmission using a specified port

HP Switch(config)# logging 192.123.4.5 9512

(UDP port 9512 is used.)

Syntax:

[no] logging facility <facility-name>

The logging facility specifies the destination subsystem used in a configured syslog server. (All configured syslog servers must use the same subsystem.) HP recommends the default (user) subsystem unless your application specifically requires another subsystem. Options include:

user

(default) Random user-level messages

kern

Kernel messages

mail

Mail system

daemon

System daemons

auth

Security/authorization messages

syslog

Messages generated internally by syslog

lpr

Line-printer subsystem

news

Netnews subsystem

uucp

uucp subsystem

cron

cron/at subsystem

sys9

cron/at subsystem

sys10 - sys14

Reserved for system use

local10 - local17

Reserved for system use

Use the no form of the command to remove the configured facility and reconfigure the default (user) value.

Disable LinkUp/Down Syslog messages based on port

This feature provides a per-port basis filter that can restrict the logging of events that are associated with a link status change. Unimportant linkup/linkdown events can be filtered out, avoiding unwanted messages in the event log and reducing troubleshooting time.

The specific port-based events to be controlled are:

RMON_PMGR_PORT_UP—Indicates that the port has changed from and off-line to an on-line state. To be online the port must be both connected to the LAN and enabled through configuration.

RMON_PMGR_PORT_DOWN—Indicates that the port has changed from an on-line state to an offline state. For this state to occur, the port is physically disconnected from the LAN, disabled through the configuration, or both.

The following rules apply:

  • Only one filter can be enabled at a time.

  • The maximum number of configured filters is 10.

  • A filter is identified by a unique name of up to 16 printable ASCII characters.

  • Filters can be dynamically replaced; the newly enabled filter automatically disables the previous filter.

  • A filter always contains a default sub-filter that functions as the filtering rules terminator.

  • To apply filtering to an event logging process, the filter must be explicitly enabled from the CLI.

  • Enabled filter modules can be dynamically modified; the changes will take effect immediately.

A filter module may include up to 19 option sub-filters and a default sub-filter. The sub-filter types are:

  • Severity—checks the severity level of the event log message. The severity values are:

    • major

    • warning

    • error

    • info

    • debug

  • Event number—Checks the event number of the event log message.

  • Regular expression—Checks everything beyond the date/time portion of the event log message.

A sub-filter has a sequence number, criteria to be matched, and a resulting action when a match occurs. All of the parameters must be specified in order to create the sub-filter.

  • Sequence number: Used for the ordering of sub-filters. Range 1-98.

  • Matching criteria: Can be the severity level, event number, or a regular expression.

  • Action to execute: When a match occurs, the resulting action is either permit the logging of the event, or deny the logging of the event.

The following sub-filter rules apply:

  • Up to 19 optional sub-filters and a default sub-filter are allowed in a filter module.

  • Sub-filters in the filter module can be of the same or different types.

  • Sub-filter entries can be modified with new criteria and action definitions.

  • Sub-filters are executed from the lowest sequence number to the highest. As soon as a match is found the log event is immediately accepted or rejected and no further matching operation is performed.

  • The default sub-filter must always be the last entry in a filter module. It functions as the rules terminator when the criteria matching performed by the prior sub-filters in a filter does not produce an action.

  • The default sub-filter cannot be deleted, re-ordered, or changed. The only parameter that can be modified is the action parameter of permit or deny. The default is permit.

Creating a filter
Syntax:

[no] logging filter <name> <sequence> [severity <severity>|event-num <num>|<regexp>] [permit|deny]

Creates a logging filter to restrict which events are logged. The no form of the command removes the logging filter.

<name>: The name that identifies the filter.

severity <severity>: Specifies the severity of an event—major, warning, error, info, or debug.

event-num <num>: Specifies an event number to match.

deny: If the log entry matches the specified criteria, do not log the event message. No further criteria are evaluated for a match.

permit: If the log entry matches the specified criteria, log the event message. No further criteria are evaluated for a match.

Enabling a Filter after Creation
Syntax:

[no] logging filter <name> enable | disable

Enables a log filter. Only one filter can be enabled at a time. An enabled filter automatically disables a previously enabled filter.

<name>: The name that identifies the filter.

Clearing a Filter
Syntax:

[no] clear logging filter <name|all>

Clears statistics counters for the named logging filter or for all filters.

Viewing Filter Configuration Information
Syntax:

show logging filter name

Displays the logging filter’s configuration information. The Matches column indicates the number of times that criteria has matched.

Specifying the criteria for a filter and then enabling the filter

HP Switch(config)# logging filter SevWarnFatal 10 severity warning permit
HP Switch(config)# logging filter SevWarnFatal 20 severity major permit
HP Switch(config)# logging filter SevWarnFatal default deny

HP Switch(config)# logging filter SevWarnFatal enable

  1. The filter named SevWarnFatal adds a sub-filter of the severity type, with a sequence number of 10. The sub-filter specifies that a match for an event log message with a severity of “warning” will be logged.

  2. The second sub-filter has a sequence number of 20 and a severity type of major. The sub-filter specifies that a match for an event log message with a severity of “major” will be logged.

  3. The default sub-filter, which is created automatically at the time of filter creation, is always the last entry in the filter module. It matches “anything” and cannot be changed. You can change the actions to either permitor deny. This example specifies that any message that did not meet the prior matching criteria will not be logged.

  4. The last command enables the filter named SevWarnFatal. If there was another filter enabled, this filter automatically replaces it and the other filter is disabled.

Specifying the criteria for a filter named noUpDownEvents and then enabling the filter

HP Switch(config)# logging filter noUpDownEvent 10 event-num 76 deny
HP Switch(config)# logging filter noUpDownEvent 20 event-num 77 deny
HP Switch(config)# logging filter noUpDownEvent default permit

HP Switch(config)# logging filter noUpDownEvent enable

  1. The filter named noUpDownEvents adds a sub-filter with a type of event-num, and a sequence number of 10. The sub-filter specifies that a match for an event log message with an event number of “76” will not be logged.

  2. The second sub-filter has a sequence number of 20 and a type of event-num. The sub-filter specifies that a match for an event log message with an event number of “77” will not be logged.

  3. The default sub-filter, which is created automatically at the time of filter creation, is always the last entry in the filter module. It matches “anything” and cannot be changed. You can change the actions to either permit or deny. This example specifies that any message that did not meet the prior matching criteria will be logged.

  4. The last command enables the filternamednoUpDownEvents. If there was another filter enabled, this filter automatically replaces it and the other filter is disabled.

Specifying the criteria for a match using a regular expression and then enabling the filter

HP Switch(config)# logging filter noUpPorts 10 "(A10|A22|B5) is now on-line" deny
HP Switch(config)# logging filter noUpPorts default permit

HP Switch(config)# logging filter noUpPorts enable

This example denies logging of the matching regular expression “port <port-num> is now on-line” for ports A10, A22, and B5.

  1. The filter named noUpPorts adds a sub-filter with a type of regular expression for ports A10, A22, and B5. The sub-filter specifies the matching criteria for the regular expression and if there is a match, the event log message is not logged.

  2. The default sub-filter specifies that any message that did not meet the prior matching criteria will be logged.

  3. The last command enables the filter named noUpPorts.

Specifying the criteria for a match using a regular expression for specific ports

HP Switch(config)# logging filter noStpBlockPorts 10 "(A[1-9]|A10|B[1-4])
.*Blocked by STP" permit
HP Switch(config)# logging filter noStpBlockPorts 20 " .*Blocked by STP" deny
HP Switch(config)# logging filter noStpBlockPorts default permit

HP Switch(config)# logging filter noStpBlockPorts enable

  1. The filter named noStpBlockPorts adds a sub-filter with a type of regular expression with a sequence number of 10. This rule specifies that event messages from ports A1-A10, and B1-B4 with the “.*Blocked by STP” expression pattern in the message body are logged.

  2. The second command adds a sub-filter with a type of regular expression and a sequence number of 20. This rule specifies that event messages generated from any ports with the “.*Blocked by STP” expression pattern in the message body are not logged.

  3. The default sub-filter specifies that any message that did not meet the prior matching criteria will be logged.

  4. The last command enables the filter named noStpBlockPorts.

Output examples:

The configured logging filters

HP Switch# show logging filter

 Status and Counters - Log Filters Information

  Name            Enabled
  --------------- -------
  noUpPorts       No
  SevWarnFatal    No
  noUpDownEvents  No
  noStpBlockPorts Yes

Output for specified logging filters

HP Switch# show logging filter sevWarnFatal

 Status and Counters - Log Filters Information

  Name             : Enabled
  Enabled          : Yes
  Messages Dropped : 0

  Seq Type      Value                               Action Matches
  --- --------  ----------------------------------  ------ -------
  10  Severity  warning                             Permit 2
  20  Severity  major                               Permit 2
  def          (any)                                Deny   0


HP Switch(config)# show logging filter noStpBlockPorts

 Status and Counters - Log Filters Information

  Name             : noStpBlockPorts
  Enabled          : Yes
  Messages Dropped : 0

  Seq Type      Value                                Action Matches
  --- --------  -----------------------------------  ------ -------
  10  RegExp    (A[1-9]|A10|B[1-4]).*Blocked by STP  Permit 2
  20  RegExp    .*Blocked by STP                     Deny   2
  def           (any)                                Permit 0

Output of running-config file

HP Switch# show running-config

Running configuration:

; J9470A Configuration Editor; Created on release #XX.15.13.0000x
; Ver #04:0f.ff.3f.ef:24
hostname "HP Switch"
module 1 type j94dda
logging filter "noUpPorts" 10 "(A10|A22|B5) is now on-line" deny
logging filter "noUpPorts" default permit
logging filter "SevWarnFatal" 10 severity warning permit
logging filter "SevWarnFatal" 20 severity major permit
logging filter "SevWarnFatal" default deny
logging filter "noUpDownEvent" 10 event-num 76 deny
logging filter "noUpDownEvent" 20 event-num 77 deny
logging filter "noUpDownEvent" default permit
logging filter "noStpBlockPorts" 10 "(A[1-9]|A10|B[1-4]) .*Blocked by STP" permit
logging filter "noStpBlockPorts" 20 " .*Blocked by STP" deny
logging filter "noStpBlockPorts" default permit
logging filter "noStpBlockPorts" enable
snmp-server community "public" unrestricted
snmp-server host 15.255.133.156 community "public"
snmp-server host 15.255.133.146 community "public"
vlan 1
.
.
.

Adding a description for a Syslog server

You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP.
[NOTE: ]

NOTE: The HP enterprise MIB hpicfSyslog.mib allows the configuration and monitoring of syslog for SNMP (RFC 3164 supported).
[CAUTION: ]

CAUTION: Entering the no logging command removes ALL the syslog server addresses without a verification prompt.

The CLI command is:

Syntax:

logging <ip-addr> [control-descr <text_string>]
no logging <ip-addr> [control-descr]

An optional user-friendly description that can be associated with a server IP address. If no description is entered, this is blank. If <text_string> contains white space, use quotes around the string. IPv4 addresses only.

Use the no form of the command to remove the description. Limit: 255 characters
[NOTE: ]

NOTE: To remove the description using SNMP, set the description to an empty string.

The logging command with a control description

HP Switch(config)# logging 10.10.10.2 control-descr syslog_one

Adding a priority description

This description can be added with the CLI or SNMP. The CLI command is:

Syntax:

logging priority-descr <text_string>
no logging priority-descr

Provides a user-friendly description for the combined filter values of severity and system module. If no description is entered, this is blank.

If text_string contains white space, use quotes around the string.

Use the no form of the command to remove the description.

Limit: 255 characters

The logging command with a priority description

HP Switch(config)# logging priority-descr severe-pri
[NOTE: ]

NOTE: A notification is sent to the SNMP agent if there are any changes to the syslog parameters, either through the CLI or with SNMP.

Configuring the severity level for Event Log messages sent to a syslog server

Event Log messages are entered with one of the following severity levels (from highest to lowest):

Major

A fatal error condition has occurred on the switch.

Error

An error condition has occurred on the switch.

Warning

A switch service has behaved unexpectedly.

Information

Information on a normal switch event.

Debug

Reserved for HP switch internal diagnostic information.

Using the logging severity command, you can select a set of Event Log messages according to their severity level and send them to a syslog server. Messages of the selected and higher severity will be sent. To configure a syslog server, see Configuring a syslog server.

Syntax:

[no] logging severity <major | error | warning | info | debug>

Configures the switch to send all Event Log messages with a severity level equal to or higher than the specified value to all configured Syslog servers.

Default: debug (Reports messages of all severity levels.)

Use the no form of the command to remove the configured severity level and reconfigure the default value, which sends Event Log messages of all severity levels to syslog servers.
[NOTE: ]

NOTE: The severity setting does not affect event notification messages that the switch normally sends to the Event Log. All messages remain recorded in the Event Log.

Configuring the system module used to select the Event Log messages sent to a syslog server

Event Log messages contain the name of the system module that reported the event. Using the logging system-module command, you can select a set of Event Log messages according to the originating system module and send them to a syslog server.

Syntax:

[no] logging system-module <system-module>

Configures the switch to send all Event Log messages being logged from the specified system module to configured syslog servers. (To configure a syslog server, see Configuring a syslog server.)

See Event Log system modules for the correct value to enter for each system module.

Default: all-pass (Reports all Event Log messages.)

Use the no form of the command to remove the configured system module value and reconfigure the default value, which sends Event Log messages from all system modules to syslog servers.

You can select messages from only one system module to be sent to a syslog server; you cannot configure messages from multiple system modules to be sent. If you re-enter the command with a different system module name, the currently configured value is replaced with the new one.
[NOTE: ]

NOTE: This setting has no effect on event notification messages that the switch normally sends to the Event Log.

Operating notes for debug and Syslog

  • Rebooting the switch or pressing the Reset button resets the debug configuration.

    Debug option

    Effect of a reboot or reset

    logging (debug destination)

    If syslog server IP addresses are stored in the startup-config file, they are saved across a reboot and the logging destination option remains enabled. Otherwise, the logging destination is disabled.

    session (debug destination)

    Disabled.

    ACL (debug type)

    Disabled.

    All (debug type)

    Disabled.

    event (debug type)

    If a syslog server IP address is configured in the startup-config file, the sending of Event Log messages is reset to enabled, regardless of the last active setting.

    If no syslog server is configured, the sending of Event Log messages is disabled.

    IP (debug type)

    Disabled.

  • Debugcommands do not affect normal message output to the Event Log.

    Using the debug event command, you can specify that Event Log messages are sent to the debug destinations you configure (CLI session, syslog servers, or both) in addition to the Event Log.

  • Ensure that your syslog servers accept debug messages.

    All syslog messages resulting from a debug operation have a "debug" severity level. If you configure the switch to send debug messages to a syslog server, ensure that the server's syslog application is configured to accept the "debug" severity level. (The default configuration for some syslog applications ignores the "debug" severity level.)

  • Duplicate IP addresses are not stored in the list of syslog servers.

  • If the default severity value is in effect, all messages that have severities greater than the default value are passed to syslog. For example, if the default severity is "debug," all messages that have severities greater than debug are passed to syslog.

  • There is a limit of six syslog servers. All syslog servers are sent the same messages using the same filter parameters. An error is generated for an attempt to add more than six syslog servers.

prev

 

up

 next

Using the Event Log for troubleshooting switch problems 

home

 Diagnostic tools

Copyright © 2015 Hewlett-Packard Development Company, L.P.