10.2.6.2. Log Management Setting with the Syslog Function

Operation Confirmed Version:
 Brocade 5600vRouter Version4.2R1S1
This section describes the settings needed for log management with the Syslog function.
When the system detects an event or error, or when a problem attributed to external factors is detected, the corresponding logs are output.
This section covers the settings for saving those logs and for linking with a machine called a Syslog server.

Syslog message save method

Make settings to save Syslogs.

Presumed case for sample setting

  • To save Syslogs in the machine

  • To set the Syslog level to Info and acquire a larger number of logs

  • To acquire information on all event types

Command to be entered with CLI

set system syslog global facility all level 'info'

The configuration after the settings are applied is as follows.
system {
        syslog {
                global {
                        facility all {
                                level info
                        }
                }
        }
}

Note

The Info level set above is a level that captures a larger amount of information. Because many logs are acquired, including both normal-level information and critical information, set the Severity level appropriately when configuring Syslog. The default Severity level is warning.

Operation check result

The show log command can be used to check the content of the Syslog.
user@FW01:~$ sh log
2017-03-22T07:34:51.810507+00:00 FW01 Keepalived_vrrp[3517]: VRRP_Instance(vyatta-dp0s4-10) sending 0 priority
2017-03-22T07:34:51.810669+00:00 FW01 Keepalived_vrrp[3517]: VRRP_Instance(vyatta-dp0s4-10) removing protocol VIPs.
2017-03-22T07:34:51.843327+00:00 FW01 Keepalived_vrrp[3517]: vmac: Success removing VMAC interface dp0vrrp1 for vrrp_instance vyatta-dp0s4-10
2017-03-22T07:34:51.843573+00:00 FW01 Keepalived_vrrp[3517]: Configuration is using : 58763 Bytes

Setting for transfer to a remote server

Syslog information can be transferred to an external Syslog server for log management.

Presumed case for sample setting

  • To acquire information on all event types

  • To set the Syslog level to Info and acquire a larger number of logs

  • To transfer Syslog information to external Syslog server “192.168.3.3”

  • To also save Syslogs in the machine

Command to be entered with CLI

set system syslog host 192.168.3.3 facility all level 'info'

Note

The Info level set above is a level that captures a larger amount of information. Because many logs are acquired, including both normal-level information and critical information, set the Severity level appropriately when configuring Syslog. The default Severity level is warning.

The configuration after the settings are applied is as follows.
system {
        syslog {
                global {
                        facility all {
                                level info
                        }
                }
                host 192.168.3.3 {
                        facility all {
                                level info
                        }
                }
        }
}

Operation check result

It is possible to check that logs have been transferred to the destination Syslog server.
#Syslog Server Logs

 [root@mgmt-centos rsyslog]# tail -F fw01_syslog.log
 Mar 16 13:00:54 FW01 dataplane[2003]: fw rule from_internal:10000 block other(112) src=dp0s4/0:0:5e:0:1:3/172.16.92.179 dst=/1:0:5e:0:0:12/224.0.0.18 len=40 ttl=255
 Mar 16 13:00:54 FW01 dataplane[2003]: fw rule from_internal:10000 block other(112) src=dp0s4/0:0:5e:0:1:3/172.16.92.178 dst=/1:0:5e:0:0:12/224.0.0.18 len=40 ttl=255
 Mar 16 13:00:54 FW01 dataplane[2003]: fw rule from_internal:10000 block other(112) src=dp0s4/0:0:5e:0:1:3/172.16.92.179 dst=/1:0:5e:0:0:12/224.0.0.18 len=40 ttl=255
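
Once the firewall logs arrive on the Syslog server, they can be summarised per rule and source address with a short parser. The following is an added example, not part of the original documentation: the field layout is inferred from the three sample lines above, and the names parse_fw_line, summarise and SAMPLE are hypothetical.

```python
import re
from collections import Counter

# Field layout inferred from the three sample lines on this page (assumption,
# not a vendor format specification). Lines that differ are left unparsed.
FW_LINE = re.compile(
    r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dataplane\[\d+\]: "
    r"fw rule (?P<ruleset>[^:\s]+):(?P<rule>\d+) (?P<action>\S+) "
    r"(?P<proto>\w+)\((?P<proto_num>\d+)\) "
    r"src=(?P<src_if>[^/\s]*)/(?P<src_mac>[^/\s]*)/(?P<src_ip>\S+) "
    r"dst=(?P<dst_if>[^/\s]*)/(?P<dst_mac>[^/\s]*)/(?P<dst_ip>\S+) "
    r"len=(?P<len>\d+) ttl=(?P<ttl>\d+)$"
)

def parse_fw_line(line):
    """Return the fields of one dataplane firewall log line, or None."""
    m = FW_LINE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("rule", "proto_num", "len", "ttl"):
        rec[key] = int(rec[key])
    return rec

def summarise(lines):
    """Count hits per (ruleset, rule, action, proto_num, src_ip, dst_ip)."""
    hits, unparsed = Counter(), 0
    for line in lines:
        rec = parse_fw_line(line)
        if rec is None:
            unparsed += 1  # not a firewall line, or a layout not seen on the page
            continue
        hits[(rec["ruleset"], rec["rule"], rec["action"],
              rec["proto_num"], rec["src_ip"], rec["dst_ip"])] += 1
    return hits, unparsed

# The first three lines are copied from the page; the last one is constructed
# to show that non-firewall messages are counted, not mis-parsed.
SAMPLE = [
    " Mar 16 13:00:54 FW01 dataplane[2003]: fw rule from_internal:10000 block other(112) src=dp0s4/0:0:5e:0:1:3/172.16.92.179 dst=/1:0:5e:0:0:12/224.0.0.18 len=40 ttl=255",
    " Mar 16 13:00:54 FW01 dataplane[2003]: fw rule from_internal:10000 block other(112) src=dp0s4/0:0:5e:0:1:3/172.16.92.178 dst=/1:0:5e:0:0:12/224.0.0.18 len=40 ttl=255",
    " Mar 16 13:00:54 FW01 dataplane[2003]: fw rule from_internal:10000 block other(112) src=dp0s4/0:0:5e:0:1:3/172.16.92.179 dst=/1:0:5e:0:0:12/224.0.0.18 len=40 ttl=255",
    " Mar 16 13:00:55 FW01 exampled[1]: constructed non-firewall message",
]

if __name__ == "__main__":
    hits, unparsed = summarise(SAMPLE)
    for key, n in hits.most_common():
        print(n, *key)
    print("unparsed:", unparsed)
```

In the sample, every hit is IP protocol 112 sent to 224.0.0.18, which is VRRP advertisement traffic being dropped by rule from_internal:10000.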

Note

When using a Syslog server, use an application and settings that are appropriate to the operational environment.