IOS XR Syslog Messages Sent to Syslog Servers Format

2022-04-15 | No comments

In general, the structure of the syslog messages generated by IOS-XR has the following format:

<PRI><messageid>: <hostname> <linecard>:<datetime>: <process-name>[<process-id>]: %<facility-name>-<severity>-<tag>: <MSG>

  • messageid: The ID number of the message.
  • hostname: The device that generated the message.
  • linecard: The linecard slot.
  • datetime: The time when the message was generated in the format: MMM dd hh:mm:ss.fff or MMM dd hh:mm:ss.fff ZZZ.
  • process-name: The name of the process that generated the mesage.
  • process-id The PID of the process that generated the message.
  • facility-name: The name of the Facility.
  • severify: The value of the Severity.
  • tag: The syslog message tag.
<PRI>

<PRI> 包含两个内容5 bit Facility 和 3 bit Log Level.

Facility 用来表示log信息的来源或者说是log 信息的类别,默认IOS XR设备使用的是LOCAL 7 , id 23。

我们可以在log server 上进行定义不同Facility存储在不同文件中,或者具有不同的format格式, 如下。

[root@server1 ~]# grep  local /etc/rsyslog.conf 
local7.*                                                /var/log/boot.log
local6.*                                                /var/log/syslog

IOS XR中可以修改facility , 命令如下

RP/0/RP0/CPU0:CRS-L(config)#logging  facility     ?
  auth    Authorization system
  cron    Cron/at facility
  daemon  System daemons
  kern    Kernel
  local0  Local use
  local1  Local use
  local2  Local use
  local3  Local use
  local4  Local use
  local5  Local use
  local6  Local use
  local7  Local use
  lpr      Line printer system
  mail    Mail system
  news    USENET news
  sys10   System use
  sys11   System use
  sys12   System use
  sys13   System use
  sys14   Systemcode use
  sys9    System use
  syslog  Syslog itself
  user    User process
  uucp    Unix-to-Unix copy system
  <cr>
<hostname>

默认传递的syslog 中是不包含设备的hostname的,如下是在log server上记录的log,第一行中不包含hostname; 通过在IOS XR 设备上添加配置”logging hostname <WORD>”可以传递自己自定义的hostname,见第二行输出。

Apr 14 23:34:38 10.1.1.1 462388: LC/0/6/CPU0:Apr 15 09:02:48 : plim_xge[301]: %L2-PLIM-4-XFP_WARN_RX_PWR : Interface TenGigE0/6/0/9, RX Low power warning occurred 
Apr 14 23:50:04 10.1.1.1 462620: CRS-L RP/0/RP0/CPU0:Apr 15 09:18:13 : config[65956]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'xuxing'. Use 'show configuration commit changes 1000000229' to view the changes.

           

No comments

Comments feed for this article

Reply

Your email address will not be published. Required fields are marked *