While the Event Log records switch-level progress, status, and warning messages on the switch, the debug/system logging (syslog) feature provides a way to record Event Log and debug messages on a remote device. For example, you can send messages about routing misconfigurations and other network protocol details to an external device, and later use them to debug network-level problems.
The debug/syslog feature allows you to specify the types of Event Log and debug messages that you want to send to an external device. You can perform the following operations:
Syslog messages now identify the sender by hostname.
The hostname field identifies the switch that originally sends the syslog message. It is configurable through the CLI and SNMP and supports the following formats:
- ip-address: The IP address of the sending interface (in dotted decimal notation) is used as the message origin identifier. This is the default format.
- hostname: The hostname of the sending switch is used as the message origin identifier.
- none: No origin identifier is embedded in the syslog message. The nilvalue, defined as "-", is used instead.
This configuration is system-wide, not per syslog server.
NOTE: There is no support in this feature for menu interface, WebUI or a fully qualified domain name. There are no changes in this feature to PCM or IDM. There are no new log events added in this feature.
Use the logging origin-id command to specify the content for the hostname field.
Syntax:
To reset the hostname field content back to default (IP-address), use the no form of the command.
Add an IP address to the list of receiving syslog servers. Use of no without an IP address specified will remove all IP addresses from the list of syslog receivers. If an IP address is specified, that receiver will be removed. Both link-local with zone ID and global IPv6 addresses are supported.
Specify syslog server facility with the option <facility>. The command no logging <facility> sets the facility back to defaults.
Specify severity for event messages to be filtered to the syslog server with the option <severity>. The command no logging <severity> sets the severity back to default.
Event messages of specified system module will be sent to the syslog server. Using no sends messages from all system modules. Messages are first filtered by selected severity.
Specify syslog server transport layer with options [udp]|[tcp]|[tls].
Specify syslog server port number with options [udp PORT-NUM]|[tcp PORT-NUM]|[tls PORT-NUM].
Use the option transmission-interval to control the egress rate limit for transmitting notifications; a value of 0 means there is no rate limit. The values are in seconds. Only one syslog message is allowed for transmission within the specified time interval.
Specify the origin information for the syslog messages with the option origin-id.
NOTE: When the syslog server receives messages from the switch, the IPv6 address of the switch is partly displayed. Example:
Use the command in Setting the origin-id to the hostname to set the origin-id to the hostname.
The following syslog message will occur:
Use the command in Setting the origin-id to none (nilvalue) to set the origin-id to none (nilvalue).
The following syslog message will occur:
Use any of the commands in Setting the origin-id to ip-address (default) to set the origin-id to ip-address (default).
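The origin-id setting decides what a collector can use to attribute a received message, so the receiving side has to handle all three formats as well as the partly displayed IPv6 address mentioned in the note above. The following is an added example, not code from the HP documentation: it attributes each message to a device, falls back to the transport source address when the origin is the nilvalue or an incomplete address, and flags messages whose claimed origin disagrees with the source. The RFC 3164-style header layout, the inventory mapping, and the sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed RFC 3164-style header: <PRI>Mmm dd hh:mm:ss HOSTNAME message
HEADER = re.compile(r"^<(\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (\S+) (.*)$")

# Hypothetical inventory of known switch addresses and hostnames.
INVENTORY = {
    "10.28.38.21": "edge-sw-01",
    "edge-sw-01": "edge-sw-01",
    "2001:db8::21": "core-sw-02",
}

# Constructed (message, transport source address) pairs, one per case.
SAMPLES = [
    ("<14>Jan  5 10:15:02 10.28.38.21 constructed body", "10.28.38.21"),
    ("<14>Jan  5 10:15:03 edge-sw-01 constructed body", "10.28.38.21"),
    ("<14>Jan  5 10:15:04 - constructed body", "10.28.38.21"),
    ("<14>Jan  5 10:15:05 10.28.38.99 constructed body", "10.28.38.21"),
    ("<14>Jan  5 10:15:06 2001:db8:0:1:21b:3f constructed body", "2001:db8::21"),
]


def attribute(raw, peer_ip, inventory):
    """Attribute one received message to a device.

    raw       -- message text as received by the collector
    peer_ip   -- transport-layer source address the collector saw
    inventory -- map of known switch IPs and hostnames to device names
    Returns (device, origin_kind, needs_review).
    """
    by_peer = inventory.get(peer_ip)
    match = HEADER.match(raw)
    if match is None:
        return by_peer, "unparsed", True
    origin = match.group(2)

    if origin == "-":
        # origin-id none: the message carries no identifier, so the
        # transport source is the only evidence of who sent it.
        return by_peer, "none", by_peer is None

    try:
        claimed = ipaddress.ip_address(origin)
    except ValueError:
        if ":" in origin:
            # Neither a hostname nor a complete address: treat it as a
            # partly displayed IPv6 address and fall back to the peer.
            return by_peer, "partial-ipv6", by_peer is None
        # origin-id hostname: the name is asserted by the sender, so accept
        # it only when it maps to the same device as the transport source.
        by_name = inventory.get(origin)
        return by_name, "hostname", by_name is None or by_name != by_peer

    # origin-id ip-address (default): the value is the sending interface,
    # so a difference from the transport source deserves a look.
    if claimed != ipaddress.ip_address(peer_ip):
        return by_peer, "ip-address", True
    return by_peer, "ip-address", by_peer is None


if __name__ == "__main__":
    for message, peer in SAMPLES:
        print(peer, attribute(message, peer, INVENTORY))
```

A mismatch between the claimed address and the transport source can also be caused by a relay or NAT in the path, so the flag marks a message for review rather than rejecting it.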
Use the commands show debug or show running-config to display the identification of the syslog message sender. The default option for origin-id is ip-address. The command show running-config will not display the configured option when origin-id is set to the default value of ip-address.
When hostname or none is configured using logging origin-id, the configured value is displayed as part of the show running-config command output.
Syntax:
Output of the show debug command when configured without logging origin-id shows the output of the show debug command when configured without logging origin-id.
Output of the show debug command when configured without logging origin-id
 Debug Logging
  Origin identifier: Outgoing Interface IP
  Destination: None
  Enabled debug types:
   None are enabled.
The command logging origin-id hostname will produce the syslog message shown in Syslog message for logging origin-id hostname.
Syslog message for logging origin-id hostname
 Debug Logging
  Origin identifier: Hostname
  Destination: None
  Enabled debug types:
   None are enabled.
The command logging origin-id none will produce the syslog message shown in Syslog message for logging origin-id none.
Syslog message for logging origin-id none
 Debug Logging
  Origin identifier: none
  Destination: None
  Enabled debug types:
   None are enabled.
Syntax:
Output of the show running-config command shows the output of the show running-config command.
Output of the show running-config command
The command logging origin-id hostname will display the following:
logging origin-id hostname
The command logging origin-id none will display as the following:
To use debug/syslog messaging, you must configure an external device as the logging destination by using the logging and debug destination commands. For more information, see Debug destinations and Configuring a syslog server.
A debug/syslog destination device can be a syslog server and/or a console session. You can configure debug and logging messages to be sent to:
Using the Debug/Syslog feature, you can perform the following operations:
- Configure the switch to send Event Log messages to one or more Syslog servers. In addition, you can configure the messages to be sent to the User log facility (default) or to another log facility on configured Syslog servers.
- Configure the switch to send Event Log messages to the current management-access session (serial-connect CLI, Telnet CLI, or SSH).
- Disable all Syslog debug logging while retaining the Syslog addresses from the switch configuration. This allows you to configure Syslog messaging and then disable and re-enable it as needed.
- Display the current debug configuration. If Syslog logging is currently active, the list of configured Syslog servers is displayed.
- Display the current Syslog server list when Syslog logging is disabled.
1. To use a syslog server as the destination device for debug messaging, follow these steps:
   a. Enter the logging <syslog-ip-addr> command at the global configuration level to configure the syslog server IP address and enable syslog logging. Optionally, you may also specify the destination subsystem to be used on the syslog server by entering the logging facility command.
      If no other syslog server IP addresses are configured, entering the logging command enables both debug messaging to a syslog server and the event debug message type. As a result, the switch automatically sends Event Log messages to the syslog server, regardless of other debug types that may be configured.
   b. Re-enter the logging command in step "a" to configure additional syslog servers. You can configure up to a total of six servers. (When multiple server IP addresses are configured, the switch sends the debug message types that you configure in step 3 to all IP addresses.)
2. To use a CLI session on a destination device for debug messaging:
3. Enable the types of debug messages to be sent to configured syslog servers, the current session device, or both by entering the debug <debug-type> command and selecting the desired options. Repeat this step if necessary to enable multiple debug message types.
   By default, Event Log messages are sent to configured debug destination devices. To block Event Log messages from being sent, enter the no debug event command.
4. If necessary, enable a subset of Event Log messages to be sent to configured syslog servers by specifying a severity level, a system module, or both using the following commands:
   HP Switch(config)# logging severity <debug | major | error | warning | info>
   HP Switch(config)# logging system-module <system-module>
   To display a list of valid values for each command, enter logging severity or logging system-module followed by ? or pressing the Tab key.
   The severity levels in order from the highest to lowest severity are major, error, warning, info, and debug. For a list of valid values for the logging system-module <system-module> command, see Event Log system modules.
5. If you configure system-module, severity-level values, or both to filter Event Log messages, when you finish troubleshooting, you may want to reset these values to their default settings so that the switch sends all Event Log messages to configured debug destinations (syslog servers, CLI session, or both).
   To remove a configured setting and restore the default values that send all Event Log messages, enter one or both of the following commands:
   HP Switch(config)# no logging severity <debug | major | error | warning | info>
   HP Switch(config)# no logging system-module <system-module>
CAUTION: If you configure a severity-level, system-module, logging destination, or logging facility value and save the settings to the startup configuration (For example, by entering the
Use the show debug command to display the currently configured settings for:
Syntax:
Displays the currently configured debug logging destinations and message types selected for debugging purposes. (If no syslog server address is configured with the logging <syslog-ip-addr> command, no show debug command output is displayed.)
Output of the show debug command
HP Switch(config)# show debug
 Debug Logging
  Destination:
   Logging --
    10.28.38.164
    Facility=kern
    Severity=warning
    System module=all-pass
  Enabled debug types:
   event
Example:
In the following example, no syslog servers are configured on the switch (default setting). When you configure a syslog server, debug logging is enabled to send Event Log messages to the server. To limit the Event Log messages sent to the syslog server, specify a set of messages by entering the logging severity and logging system-module commands.
As shown at the top of Syslog configuration to receive event log messages from specified system module and severity levels, if you enter the show debug command when no syslog server IP address is configured, the configuration settings for syslog server facility, Event Log severity level, and system module are not displayed. However, after you configure a syslog server address and enable syslog logging, all debug and logging settings are displayed with the show debug command.
If you do not want Event Log messages sent to syslog servers, you can block the messages from being sent by entering the no debug event command. (There is no effect on the normal logging of messages in the switch's Event Log.)
Example:
The next example shows how to configure:
- Debug logging of ACL and IP-OSPF packet messages on a syslog server at 18.38.64.164 (with user as the default logging facility).
- Display of these messages in the CLI session of your terminal device's management access to the switch.
- Blocking Event Log messages from being sent from the switch to the syslog server and a CLI session.
To configure syslog operation in these ways with the debug/syslog feature disabled on the switch, enter the commands shown in Debug/syslog configuration for multiple debug types and multiple destinations.
At the manager level, use the debug command to perform two main functions:
By default, no debug destination is enabled and only Event Log messages are enabled to be sent.
NOTE: To configure a syslog server, use the
Syntax:
acl
When a match occurs on an ACL "deny" ACE (with log configured), the switch sends an ACL message to configured debug destinations. For information on ACLs, see the "Access Control Lists (ACLs)" chapter in the latest version of the following guides:
IPv4 ACLs: Access Security Guide
IPv6 ACLs: IPv6 Configuration Guide
NOTE: ACE matches (hits) for permit and deny entries can be tracked using the show statistics <aclv4|aclv6> command.
(Default: Disabled—ACL messages for traffic that matches "deny" entries are not sent.)
all
Configures the switch to send all debug message types to configured debug destinations.
(Default: Disabled—No debug messages are sent.)
cdp
Sends CDP information to configured debug destinations.
destination
logging—Disables or re-enables syslog logging on one or more syslog servers configured with the logging <syslog-ip-addr> command.
session—Assigns or re-assigns destination status to the terminal device that was most recently used to request debug output.
buffer—Enables syslog logging to send the debug message types specified by the debug <debug-type> command to a buffer in switch memory.
For more information on these options, see Debug destinations.
event
Configures the switch to send Event Log messages to configured debug destinations.
NOTE: This value does not affect the reception of event notification messages in the Event Log on the switch.
Event Log messages are automatically enabled to be sent to debug destinations in these conditions:
- If no syslog server address is configured and you enter the logging <syslog-ip-addr> command to configure a destination address.
- If at least one syslog server address is configured in the startup configuration, and the switch is rebooted or reset.
Event log messages are the default type of debug message sent to configured debug destinations.
ip [ fib | forwarding | packet | rip ]
Sends IP messages to configured destinations.
ip [fib[events]]
For the configured debug destinations:
events—Sends IP forwarding information base events.
ip [packet]
Enables the specified PIM message type.
ip [rip[ database | event | trigger ]]
rip <database | event | trigger>—Enables the specified RIP message type for the configured destination(s).
database—Displays database changes.
event—Displays RIP events.
trigger—Displays trigger messages.
ipv6 [ dhcpv6-client | nd | packet ]
NOTE: See the "IPv6 Diagnostic and Troubleshooting" chapter in the IPv6 Configuration Guide for your switch for more detailed IPv6 debug options.
When no debug options are included, displays debug messages for all IPv6 debug options.
dhcpv6-client [ events | packet ]—Displays DHCPv6 client event and packet data.
nd—Displays debug messages for IPv6 neighbor discovery.
packet—Displays IPv6 packet messages.
lldp
Enables all LLDP message types for the configured destinations.
security [ arp-protect | dhcp-snooping | dynamic-ip-lockdown | port-access | port-security | radius-server | ssh | tacacs-server | user-profile-mib ]
arp-protect—Sends dynamic ARP protection debug messages to configured debug destinations.
dhcp-snooping—Sends DHCP snooping debug messages to configured debug destinations.
agent—Displays DHCP snooping agent messages.
event—Displays DHCP snooping event messages.
packet—Displays DHCP snooping packet messages.
dynamic-ip-lockdown—Sends dynamic IP lockdown debug messages to the debug destination.
port-access—Sends port-access debug messages to the debug destination.
radius-server—Sends RADIUS debug messages to the debug destination.
ssh—Sends SSH debug messages at the specified level to the debug destination. The levels are fatal, error, info, verbose, debug, debug2, and debug3.
tacacs-server—Sends TACACS debug messages to the debug destination.
user-profile-mib—Sends user profile MIB debug messages to the debug destination.
services <slot-id-range>
Displays debug messages on the services module. Enter an alphabetic module ID or range of module IDs for the <slot-id-range> parameter.
snmp <pdu>
Displays the SNMP debug messages.
pdu—Displays SNMP pdu debug messages.
Use the debug destination command to enable (and disable) syslog messaging on a syslog server or to a CLI session for specified types of debug and Event Log messages.
Syntax:
logging
Enables syslog logging to configured syslog servers so that the debug message types specified by the debug <debug-type> command (see Debug messages) are sent.
(Default: Logging disabled)
To configure a syslog server IP address, see Configuring a syslog server.
NOTE: Debug messages from the switches covered in this guide have a debug severity level. Because the default configuration of some syslog servers ignores syslog messages with the debug severity level, ensure that the syslog servers you want to use to receive debug messages are configured to accept the debug level. For more information, see Operating notes for debug and Syslog.
session
Enables transmission of event notification messages to the CLI session that most recently executed this command. The session can be on any one terminal emulation device with serial, Telnet, or SSH access to the CLI at the Manager level prompt (HP Switch#_).
If more than one terminal device has a console session with the CLI, you can redirect the destination from the current device to another device. Do so by executing debug destination session in the CLI on the terminal device on which you now want to display event messages.
Event message types received on the selected CLI session are configured with the debug <debug-type> command.
buffer
Enables syslog logging to send the debug message types specified by the debug <debug-type> command to a buffer in switch memory.
To view the debug messages stored in the switch buffer, enter the show debug buffer command.
At the global configuration level, the logging command allows you to enable debug logging on specified syslog servers and select a subset of Event Log messages to send for debugging purposes according to:
By specifying both a severity level and system module, you can use both configured settings to filter the Event Log messages you want to use to troubleshoot switch or network error conditions.
Syslog is a client-server logging tool that allows a client switch to send event notification messages to a networked device operating with syslog server software. Messages sent to a syslog server can be stored to a file for later debugging analysis.
To use the syslog feature, you must install and configure a syslog server application on a networked host accessible to the switch. For instructions, see the documentation for the syslog server application.
To configure a syslog service, use the logging <syslog-ip-addr> command as shown below.
When you configure a syslog server, Event Log messages are automatically enabled to be sent to the server. To reconfigure this setting, use the following commands:
- Specifies additional debug message types (see Debug messages).
- Configures the system module or severity level used to filter the Event Log messages sent to configured syslog servers. (See Configuring the severity level for Event Log messages sent to a syslog server and Configuring the system module used to select the Event Log messages sent to a syslog server.)
To display the currently configured syslog servers as well as the types of debug messages and the severity-level and system-module filters used to specify the Event Log messages that are sent, enter the show debug command (see Debug/syslog configuration commands).
Syntax:
Enables or disables syslog messaging to the specified IP address. You can configure up to six addresses. If you configure an address when none are already configured, this command enables destination logging (syslog) and the Event debug type. Therefore, at a minimum, the switch begins sending Event Log messages to configured syslog servers. The ACL, IP-OSPF, and/or IP-RIP message types are also sent to the syslog servers if they are currently enabled as debug types. (See Debug messages.)
no logging
Removes all currently configured syslog logging destinations from the running configuration.
Using this form of the command to delete the only remaining syslog server address disables debug destination logging on the switch, but the default Event debug type does not change.
no logging <syslog-ip-address>
Removes only the specified syslog logging destination from the running configuration.
Removing all configured syslog destinations with the no logging command (or a specified syslog server destination with the no logging <syslog-ip-address> command) does not delete the syslog server IP addresses stored in the startup configuration.
Enter the no debug <debug-type> command. (See Debug messages.)
Enter the no debug destination logging command. Note that, unlike the case in which no syslog servers are configured, if one or more syslog servers are already configured and syslog messaging is disabled, configuring a new server address does not re-enable syslog messaging. To re-enable syslog messaging, you must enter the debug destination logging command.
Syntax:
Allows the configuration of the UDP or TCP transport protocol for the transmission of logging messages to a syslog server.
Specifying a destination port with UDP or TCP is optional.
Default ports: UDP port is 514
Default Transport Protocol: UDP
Because TCP is a connection-oriented protocol, a connection must be present before the logging information is sent. This helps ensure that the logging message will reach the syslog server. Each configured syslog server needs its own connection. You can configure the destination port that is used for the transmission of the logging messages.
Configuring TCP for logging message transmission using the default port
HP Switch(config)# logging 192.123.4.5 tcp
Configuring TCP for logging message transmission using a specified port
HP Switch(config)# logging 192.123.4.5 tcp 9514
Syntax:
The logging facility specifies the destination subsystem used in a configured syslog server. (All configured syslog servers must use the same subsystem.) HP recommends the default (user) subsystem unless your application specifically requires another subsystem. Options include:
user
(default) Random user-level messages
kern
Kernel messages
mail
Mail system
daemon
System daemons
auth
Security/authorization messages
syslog
Messages generated internally by syslog
lpr
Line-printer subsystem
news
Netnews subsystem
uucp
uucp subsystem
cron
cron/at subsystem
sys9
cron/at subsystem
sys10 - sys14
Reserved for system use
local10 - local17
Reserved for system use
Use the no form of the command to remove the configured facility and reconfigure the default (user) value.
You can associate a user-friendly description with each of the IP addresses (IPv4 only) configured for syslog using the CLI or SNMP.
NOTE: The HP enterprise MIB hpicfSyslog.mib allows the configuration and monitoring of syslog for SNMP (RFC 3164 supported).
CAUTION: Entering the
Syntax:
An optional user-friendly description that can be associated with a server IP address. If no description is entered, this is blank. If <text_string> contains white space, use quotes around the string. IPv4 addresses only.
Use the no form of the command to remove the description. Limit: 255 characters
NOTE: To remove the description using SNMP, set the description to an empty string.
This description can be added with the CLI or SNMP. The CLI command is:
Syntax:
Provides a user-friendly description for the combined filter values of severity and system module. If no description is entered, this is blank.
If text_string contains white space, use quotes around the string.
The logging command with a priority description
HP Switch(config)# logging priority-descr severe-pri
NOTE: A notification is sent to the SNMP agent if there are any changes to the syslog parameters, either through the CLI or with SNMP.
Event Log messages are entered with one of the following severity levels (from highest to lowest):
| Severity | Description |
|---|---|
| major | A fatal error condition has occurred on the switch. |
| error | An error condition has occurred on the switch. |
| warning | A switch service has behaved unexpectedly. |
| info | Information on a normal switch event. |
| debug | Reserved for HP switch internal diagnostic information. |
Using the logging severity command, you can select a set of Event Log messages according to their severity level and send them to a syslog server. Messages of the selected and higher severity will be sent. To configure a syslog server, see Configuring a syslog server.
Syntax:
[no] logging severity <major|error|warning|info|debug>
Configures the switch to send all Event Log messages with a severity level equal to or higher than the specified value to all configured Syslog servers.
Default: debug (Reports messages of all severity levels.)
Use the no form of the command to remove the configured severity level and reconfigure the default value, which sends Event Log messages of all severity levels to syslog servers.
NOTE: The severity setting does not affect event notification messages that the switch normally sends to the Event Log. All messages remain recorded in the Event Log.
Event Log messages contain the name of the system module that reported the event. Using the logging system-module command, you can select a set of Event Log messages according to the originating system module and send them to a syslog server.
Syntax:
Configures the switch to send all Event Log messages being logged from the specified system module to configured syslog servers. (To configure a syslog server, see Configuring a syslog server.)
See Event Log system modules for the correct value to enter for each system module.
Default: all-pass (Reports all Event Log messages.)
Use the no form of the command to remove the configured system module value and reconfigure the default value, which sends Event Log messages from all system modules to syslog servers.
You can select messages from only one system module to be sent to a syslog server; you cannot configure messages from multiple system modules to be sent. If you re-enter the command with a different system module name, the currently configured value is replaced with the new one.
NOTE: This setting has no effect on event notification messages that the switch normally sends to the Event Log.
- Rebooting the switch or pressing the Reset button resets the debug configuration.
  | Debug option | Effect of a reboot or reset |
  |---|---|
  | logging (debug destination) | If syslog server IP addresses are stored in the startup-config file, they are saved across a reboot and the logging destination option remains enabled. Otherwise, the logging destination is disabled. |
  | session (debug destination) | Disabled. |
  | ACL (debug type) | Disabled. |
  | All (debug type) | Disabled. |
  | event (debug type) | If a syslog server IP address is configured in the startup-config file, the sending of Event Log messages is reset to enabled, regardless of the last active setting. If no syslog server is configured, the sending of Event Log messages is disabled. |
  | IP (debug type) | Disabled. |
- Debug commands do not affect normal message output to the Event Log.
  Using the debug event command, you can specify that Event Log messages are sent to the debug destinations you configure (CLI session, syslog servers, or both) in addition to the Event Log.
- Ensure that your syslog servers accept debug messages.
  All syslog messages resulting from a debug operation have a "debug" severity level. If you configure the switch to send debug messages to a syslog server, ensure that the server's syslog application is configured to accept the "debug" severity level. (The default configuration for some syslog applications ignores the "debug" severity level.)
- Duplicate IP addresses are not stored in the list of syslog servers.
- If the default severity value is in effect, all messages that have severities greater than the default value are passed to syslog. For example, if the default severity is "debug," all messages that have severities greater than debug are passed to syslog.
- There is a limit of six syslog servers. All syslog servers are sent the same messages using the same filter parameters. An error is generated for an attempt to add more than six syslog servers.
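Because one set of filter parameters applies to every syslog server, a severity or system-module filter left in a saved configuration silently narrows what all collectors receive. The following is an added example, not part of the HP documentation, that audits the logging lines of a saved or candidate configuration for cleartext transport, leftover filters, a missing origin identifier, and the six-server limit. It assumes the configuration text echoes each logging command in the form it was entered; the sample configuration is constructed, and 192.0.2.10 is a documentation address.

```python
import ipaddress

# Severity keywords listed on the page, highest to lowest.
SEVERITIES = ["major", "error", "warning", "info", "debug"]
MAX_SERVERS = 6  # limit stated in the operating notes

# Constructed sample. Assumes the saved configuration echoes each logging
# command in the form it was entered.
SAMPLE_CONFIG = """\
hostname "edge-sw-01"
logging 10.28.38.164
logging 192.123.4.5 tcp 9514
logging 192.0.2.10 tls
logging facility kern
logging severity warning
logging origin-id none
"""


def parse_logging(config_text):
    """Collect the logging settings, starting from the documented defaults."""
    cfg = {"servers": [], "facility": "user", "severity": "debug",
           "system-module": "all-pass", "origin-id": "ip-address"}
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "logging":
            continue
        key, rest = tokens[1], tokens[2:]
        if key in cfg and key != "servers":
            if rest:
                cfg[key] = rest[0]
            continue
        try:
            addr = ipaddress.ip_address(key.split("%")[0])  # drop IPv6 zone ID
        except ValueError:
            continue  # some other logging sub-command
        # UDP is the documented default when no transport keyword is given.
        transport = rest[0] if rest and rest[0] in ("udp", "tcp", "tls") else "udp"
        cfg["servers"].append((str(addr), transport))
    return cfg


def audit(config_text):
    """Return (code, detail) findings a log-pipeline owner should review."""
    cfg = parse_logging(config_text)
    findings = []
    if not cfg["servers"]:
        findings.append(("no-server", "no syslog destination is configured"))
    if len(cfg["servers"]) > MAX_SERVERS:
        findings.append(("too-many-servers",
                         f"{len(cfg['servers'])} configured, limit is {MAX_SERVERS}"))
    for addr, transport in cfg["servers"]:
        if transport != "tls":
            findings.append(("cleartext-transport",
                             f"{addr} receives logs over {transport}"))
    sev = cfg["severity"]
    if sev in SEVERITIES and sev != "debug":
        # Only the selected severity and higher are sent to the servers.
        dropped = SEVERITIES[SEVERITIES.index(sev) + 1:]
        findings.append(("severity-filter", "not forwarded: " + ", ".join(dropped)))
    if cfg["system-module"] != "all-pass":
        findings.append(("module-filter",
                         f"only module {cfg['system-module']} is forwarded"))
    if cfg["origin-id"] == "none":
        findings.append(("origin-id-none", "messages carry no origin identifier"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code}: {detail}")
```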