Configuring Event Logging

[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring Event Logging
By default, event logging is enabled and has default settings. This section shows how to change the following settings to customize event logging to fit your needs.

Set a baseline for when the system begins logging messages.
host1#baseline log 11:12:55 April 30 2002
Set the log severity.
host1(config)#log severity warning
Remove the limit on the number of buffers available for an event category.
host1(config)#log unlimit qos 
Set the log verbosity.
host1(config)#log verbosity log
Log messages to a specified destination.
host1(config)#log destination syslog 10.10.9.5 include 
ospfGeneral mplsGeneral os
Select fields to be added to logs.
host1(config)#log fields timestamp instance no-calling-task
Enable logs destined for a console to be displayed at the current console device.
host1#log here
The next sections show how to configure individual and systemwide logs, how to format timestamps for log messages, and how to configure log filters.

baseline log

Use to set a baseline for logging events. Only log messages timestamped after the baseline will appear when you enter the show log data delta command.

To use the current system time, do not enter any options.

To set a specific time, use the following syntax:

Hour:Minute[:Second] - current time in 24-hour format. Seconds are optional.

utc - enter this keyword to indicate that the time entered is in universal coordinated time (UTC), rather than local time.

To set a specific date, use the following syntax:

Month Day Year - you must spell out the name of the month.

last-reset - causes the system to display log messages generated since the last time the system was reset

Examples
host1#baseline log 11:12:55 April 30 2002
host1#baseline log last-reset
There is no no version.

log destination

Use to log messages to the specified destination, including system log, console, and nv-file (nonvolatile storage).

Note: You can display traffic logs—such as ipTraffic, icmpTraffic, tcpTraffic, and udpTraffic—only via the show log data command or from the SRP module console. You cannot redirect traffic logs elsewhere, such as to a system log or nonvolatile storage file, or to a Telnet session.

Use the severity keyword to limit the messages logged based on priority level.

The following information applies to logging messages to system log servers.

You can have multiple system log servers, but must configure logging to each one separately.

A particular message within a specified event category is logged to a particular system log server only if the priority of the message is greater than or equal to both the priority of the event category and the priority of that system log server.

If you log messages to a system log server, you can also specify:

facility - specifies a facility ID on the system log destination host. The range is 0-7, representing the logging facilities local0-local7.

include - logs only the listed categories to system log; no other categories are logged unless specifically included by issuing this command again.

exclude - logs all categories to system log except the listed categories; all other categories are logged unless specifically excluded by issuing this command again.

Issuing an include command after an exclude command (or vice versa) overrides the earlier command. Therefore, you cannot enter a command including certain categories and then follow it with a command excluding others. Similarly, you cannot enter a command excluding certain categories and then follow it with a command including others.

You can issue successive include commands or successive exclude commands; in this case, the successive commands expand the list of included or excluded categories.

In this example, the first command causes only the osfpGeneral, mplsGeneral, and os event categories to be logged to system log at 10.10.9.5. The second command reverses this inclusion and restores the logging of all event categories.
host1(config)#log destination syslog 10.10.9.5 include 
ospfGeneral mplsGeneral os
host1(config)#no log destination syslog 10.10.9.5 
In this example, the first command again causes only the osfpGeneral, mplsGeneral, and os event categories to be logged to system log at 10.10.9.5. The second command reverses the inclusion of ospfGeneral and os. The mplsGeneral category is still included and is thus the only category logged.
host1(config)#log destination syslog 10.10.9.5 include 
ospfGeneral mplsGeneral os
host1(config)#no log destination syslog 10.10.9.5 include 
ospfGeneral os
In this example, the first command causes the isisGeneral, ipRoutePolicy, and ipTraffic event categories to be excluded from logging to system log at 10.1.2.3. The second command reverses this exclusion and restores the logging of all event categories.
host1(config)#log destination syslog 10.1.2.3 exclude 
isisGeneral ipRoutePolicy ipTraffic
host1(config)#no log destination syslog 10.1.2.3 exclude 
In this example, the first command again causes the isisGeneral, ipRoutePolicy, and ipTraffic event categories to be excluded from logging to system log at 10.1.2.3. The second command reverses the exclusion of ipRoutePolicy and ipTraffic. The isisGeneral category is still excluded; all other events are logged.
host1(config)#log destination syslog 10.1.2.3 exclude 
isisGeneral ipRoutePolicy ipTraffic
host1(config)#no log destination syslog 10.1.2.3 exclude 
isisGeneral 
In this example, the first command causes the isisGeneral event category to be excluded from logging to system log at 10.1.2.3. The second command causes ospfGeneral to also be excluded from logging.
host1(config)#log destination syslog 10.1.2.3 exclude 
isisGeneral
host1(config)#log destination syslog 10.1.2.3 exclude 
ospfGeneral 
In this example, the first command causes the isisGeneral event category to be excluded from logging to system log at 10.1.2.3; all other events are logged. The second command overrides the first and causes the exclusion of all events except ospfGeneral.
host1(config)#log destination syslog 10.1.2.3 exclude 
isisGeneral
host1(config)#log destination syslog 10.1.2.3 include 
ospfGeneral
Use the no version to reverse the effects of previous commands or restore the default, which is to log all event categories.

log destination syslog source

Use to specify a source interface type and location for events logged to system log at the specified IP address.

Overrides the actual source interface type and location. The IP address associated with the specified source interface will be used as the source address for subsequent system log messages.

Example
host1(config)#log destination syslog 10.1.2.3 source atm 0/1
Use the no version to restore the actual source interface type and location.

log engineering

Use to enable engineering logs.

This command can provide you with troubleshooting information that will assist you when contacting Juniper Networks Customer Service.

Example
host1(config)#log engineering
Use the no form of this command to disable engineering logs.

log fields

Use to select fields to be added to all logs. These fields include a timestamp for the message, an instance identifier, and the name of the internal software application that created the message.

Example
host1(config)#log fields timestamp instance no-calling-task
Use the no version to restore the default log field settings.

log here

Use to enable logs destined for a console to be displayed at the current console.

By default, the local console automatically receives all log messages if console is a destination. The exception is the cliCommand log. These log events do not appear on the console.

By default, Telnet consoles do not receive log messages.

Example
host1#log here
Use the no version to disable logs destined for a console from being displayed on this console.

log severity

Use to set the severity level for a selected category or for systemwide logs. For a list of severity values, see Table 11-1.

If you do not specify a category, then the severity value is set for all categories, except individual logs for which you previously set a specific value. See the next section, Configuring Log Severity for Individual and Systemwide Logs.

Each event category has its own default severity value. For most categories, the default is error.

To disable log messages use the off keyword.

Example
host1(config)#log severity warning
Use the no version to return to the default severity value (error) for the selected category. To return all logs to their default severity setting, include an * (asterisk) with the no version. For example:
host1(config)#no log severity *
log unlimit

Use to remove the limit on the number of outstanding buffers for an event category. You would remove the limit in cases where the system is dropping logs of a particular category.

Example
host1(config)#log unlimit qos 
Use the no version to return to the default value.

log verbosity

Use to set the verbosity level for a selected category or for all categories.

If you do not specify a category, then the verbosity level is set for all categories.

The default verbosity setting for all logs is low.

Example
host1(config)#log verbosity log
Use the no version to return to the default verbosity (low) for the selected category.

Configuring Log Severity for Individual and Systemwide Logs

Each event category has its own default severity setting that is based on the type of log messages for that category. You can change the severity setting for individual logs and the systemwide value:

To change the log severity of an individual log, set the individual log category to an explicit value. The new value overrides any systemwide value, and subsequent commands that set the systemwide severity value do not override the value you set for the individual log. To return an individual log severity to its default value, which also allows the individual log severity to be overridden by the systemwide value, use the no version of the log severity command, and specify the individual log category.

To change the log severity of every log, set the systemwide severity. The systemwide severity setting does not override individual log severities that you explicitly set.

To return all logs, systemwide and individual, to their default severity level, use the no log severity * command.

Examples

The following example sets all logs to log at severity info, except for the bgpEvents and bgpRoutes categories.
host1(config)#log severity warning bgpEvents
host1(config)#log severity notice bgpRoutes
host1(config)#log severity info
The following command removes the severity values for bgpEvents; bgpEvents now logs at the info severity level.
host1(config)#no log severity bgpEvents
The following command returns all logs to their default severity level.
host1(config)#no log severity *
To see whether individual or systemwide severity and verbosity settings are in effect, use the show log configuration command.

Configuring Log Verbosity for Individual Logs or All Logs

The default verbosity setting for all logs is low. To change the logging verbosity of an individual log, specify a category when you enter the log verbosity command. To change the log verbosity of every log, do not specify an event category when you enter the log verbosity command. However, once you enter the log verbosity command without specifying a particular event category, all logs are set to the new verbosity. No log verbosity overrides are saved.

Example

The following example sets all log categories to verbosity medium, and then it sets the verbosity level for ds3 events to high.
host1(config)#log verbosity medium
host1(config)#log verbosity high ds3 
Setting the Timestamp for Log Messages

You can use the service timestamps command to format timestamps for log messages. By default, log messages display universal coordinated time (UTC) without the time zone.

The following examples illustrate how you can change the timestamp on log messages.

Set the time zone to EDT, 5 hours behind UTC, and display the local time on the log messages.
host1(config)#clock timezone EDT -5
host1(config)#service timestamps log datetime show-timezone 
localtime
host1#exit
host1#show log data category cliCommand severity info
***********************************************************
NOTICE 05/14/2001 13:22:48 EDT cliCommand: "clock timezone 
EDT -5", console
NOTICE 05/14/2001 13:23:03 EDT cliCommand: "service 
timestamps log datetime show-timezone localtime ", console
***********************************************************
Display UTC, but no time zone, on the log messages.
host1(config)#service timestamps log datetime
host1#exit
host1#show log data category cliCommand severity info
***********************************************************
NOTICE 05/14/2001 18:24:49 cliCommand: "configure terminal", 
console
NOTICE 05/14/2001 18:24:45 cliCommand: "service timestamps 
log datetime", console
***********************************************************
Display UTC and the time zone on the log messages.
host1#configure terminal
host1(config)#service timestamps log datetime show-timezone
host1(config)#exit
host1#show log data category cliCommand severity info
***********************************************************
NOTICE 05/14/2001 18:28:45 UTC EDT cliCommand: "configure 
terminal", console
NOTICE 05/14/2001 18:28:42 UTC EDT cliCommand: "service 
timestamps log datetime show-timezone", console
***********************************************************
Display no timestamp on the log messages.
host1#configure terminal
host1(config)#no service timestamps
host1#exit
host1#show log data category cliCommand severity info
***********************************************************
NOTICE 134 cliCommand: "configure terminal", console
NOTICE 133 cliCommand: "no service timestamps", console
***********************************************************
service timestamps

Use to format timestamps for log messages.

For information about setting local times and time zones, see Chapter 9, Configuring the System Clock

The show log data command displays the log data with the current timestamp format.

The show log data nv-file command displays the log data with the timestamp format in effect at the time the log record was written.

Use the no version to remove timestamps from log messages.

Configuring Log Filters

Many event categories contain filters that let you further refine the type of information that the system logs. For example, when logging BGP connections, you can limit the information logged to a specific access class, peer, route map, or virtual router.

You define filters when you set the log severity for an event category. The online Help shows the options you can set for each filter. The following example creates a filter that logs BGP connection information at the debug severity level on traffic that matches access list ListOne, and is incoming traffic to virtual router default.
host1(config)#log severity debug bgpevents ?
  access-class  Select an access list for the filter
  in            Select import/in direction for the filter
  out           Select export/out direction for the filter
  peer          Select a peer IP address for the filter
  route-map     Select a route map for the filter
  router        Identify an instance of a virtual router
  <cr> 
host1(config)#log severity debug bgpevents access-class ?
  WORD  The access list
host1(config)#log severity debug bgpevents access-class 
ListOne ?
  filtering-router  Identify virtual router where 
access-class/route-map are defined
  in                Select import/in direction for the filter
  out               Select export/out direction for the filter
  route-map         Select a route map for the filter
  <cr> 
host1(config)#log severity debug bgpevents access-class 
ListOne route-map ?
  WORD  The route map
host1(config)#log severity debug bgpevents access-class 
ListOne route-map default ?
  filtering-router  Identify virtual router where 
access-class/route-map are defined
  in                Select import/in direction for the filter
  out               Select export/out direction for the filter
  <cr>
host1(config)#log severity debug bgpevents access-class 
ListOne route-map default in
The next example limits the logging of PPP debug events to traffic to or from the POS interface in slot 2/0.
host1(config)#log severity debug ppp ?
  atm              Specify an ATM PPP interface
  fastEthernet     Specify a fastEthernet interface
  gigabitEthernet  Specify a gigabitEthernet interface
  mlppp            Specify an MLPPP network interface
  pos              Specify a POS PPP interface
  serial           Specify a serial PPP interface
  <cr> 
host1(config)#log severity debug ppp pos 2/0
List of Event Categories, later in this chapter, includes the filters available in each event category.

Turning Off Filters

There are three ways to turn off filters. The first turns off all filters, the second lets you turn off all filters for an event category, and the third lets you turn off a specific filter.

To turn off all filters:
host1(config)#no log filters
To turn off all filters for an event category, use the no version of the log severity command along with the category name. For example:
host1(config)#no log severity bgpEvents filters
To turn off a specific filter, use the no version of the log severity command that you used to add the filter. For example:
host1(config)#no log severity bgpEvents peer 10.0.0.2 
10.0.0.1
no log filters

Use to turn off log filters.

To turn off all filters for an event category, specify the category name.

To turn off a specific filter, use the no version of the log severity command that you used to add the filter.

Example
host1(config)#no log filters 

[Contents] [Prev] [Next] [Index] [Report an Error]