Saturday 3 May 2014

syslog (system logging) Network Monitoring

syslog (System Logging) 

syslog is a network monitoring and management protocol. It allows a network-attached device to report and log error and notification messages either locally or to a server.

syslog is one of the tools used for network monitoring. It is used to learn the state of the devices connected to the network. Using UDP port 514, the logs can also be collected on a remote syslog server.

A syslog message we are already familiar with is:
% SYS-5-Config_I: configured from console by console
This is the message that appears every time you configure something on a switch or router. We will look later at exactly what its parts mean.

The other messages that appear once you log into a switch or router are interface status messages:
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

Syslog messages can be output to the device console, a VTY connection, the system buffer, and a syslog server.

A syslog message has two main parts: the facility and the severity level.

Severity Level 0 to 7

The list of severity levels, highest to lowest:

0       Emergency: system is unusable
1       Alert: action must be taken immediately
2       Critical: critical conditions
3       Error: error conditions
4       Warning: warning conditions
5       Notice: normal but significant condition
6       Informational: informational messages
7       Debug: debug-level messages

Recommended practice is to use the Notice or Informational level for normal messages.

Common Facilities:  

* SYS (Operating System)
* IP   
* Interface (IF)
* Route Switch Processor (RSP)
* OSPF
* IP Security (IP Sec)

For details on the severity and facility levels, see http://en.wikipedia.org/wiki/Syslog

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Let's look at the syslog message in detail.

The syslog message format looks like this:
% FACILITY-SUBFACILITY-Severity-Mnemonic:  message text

% SYS-5-Config_I : configured from console by console

At the front is the facility, SYS. The 5 is the severity, Notice. The mnemonic is the action report, which says what happened. After the colon comes the message text itself.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Configuration for syslog

R1#conf t
R1(config)#logging 10.10.10.1
R1(config)#service timestamps debug datetime msec
R1(config)#service timestamps log datetime msec
R1(config)#logging facility local3
R1(config)#logging trap warning
R1(config)#end
R1#show logging

logging trap informational     # severity level 0 to 7
logging trap debugging         # Use the debug level with caution, because it can generate a large amount of syslog traffic in a busy network.
Note
When a level is specified in the logging trap level command, the router is configured to send messages with lower severity levels as well. For example, the logging trap warning command configures the router to send all messages with the severity warning, error, critical, and emergency. Similarly, the logging trap debug command causes the router to send all messages to the syslog server. Exercise caution while enabling the debug level. Because the debug process is assigned a high CPU priority, using it in a busy network can cause the router to crash.

logging facility local4     # Facility Level 
logging facility 22

logging 10.10.10.1          # store the logs on the remote server

logging host inside 10.10.1.1         # send the logs to the server with IP 10.10.1.1
logging source-interface Loopback0    # send the logs using the loopback IP as the source address

logging timestamps          # record the time in the syslog messages


Router(config)# service timestamps {debug | log} datetime [msec] [localtime] [show-timezone]
SW-B(config)#service timestamps debug datetime msec 

SW-B(config)#service timestamps log datetime msec

Router, switch and firewall configuration differ from one another. For a more detailed configuration guide, see:
http://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3
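The message format explained above (FACILITY-SEVERITY-MNEMONIC: text) and the logging trap / logging facility semantics from the configuration section, as an added example that is not part of the original post: it parses the page's sample messages, applies the trap filter (a level includes every more-severe level), and prefixes each forwarded line with the PRI value (facility code * 8 + severity) a collector on UDP 514 would see. The sample lines are constructed to match the page; no real device or collector is involved.

```python
"""Parse Cisco-style syslog lines and emulate 'logging trap' and 'logging facility'.

Added example (not from the original post). Sample messages below are
constructed copies of the ones shown on the page.
"""
import re

# IOS severity keywords, indexed by numeric level (0 = most severe)
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]
# RFC 3164 codes for the local-use facilities: local0 = 16 ... local7 = 23.
# 'logging facility local3' therefore selects code 19; ASA's numeric
# form 'logging facility 22' is the same thing as local6.
LOCAL_FACILITY = {f"local{n}": 16 + n for n in range(8)}

# % FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: message text
CISCO_RE = re.compile(
    r"^%\s*(?P<facility>[A-Z][A-Z0-9_]*)(?:-(?P<sub>[A-Z][A-Z0-9_]*))?"
    r"-(?P<sev>[0-7])-(?P<mnemonic>\w+)\s*:\s*(?P<text>.*)$")

def parse_cisco_message(line: str) -> dict:
    """Split one device log line into facility, severity, mnemonic and text."""
    m = CISCO_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a Cisco syslog message: {line!r}")
    msg = m.groupdict()
    msg["sev"] = int(msg["sev"])
    msg["sev_name"] = SEVERITY_NAMES[msg["sev"]]
    return msg

def passes_trap(sev: int, trap_level: str) -> bool:
    """'logging trap warnings' forwards levels 0..4: lower number = more severe."""
    return sev <= SEVERITY_NAMES.index(trap_level)

def pri(facility, sev: int) -> int:
    """PRI header value; facility may be 'localN' or an ASA-style numeric code."""
    code = facility if isinstance(facility, int) else LOCAL_FACILITY[facility]
    return code * 8 + sev

def to_collector_lines(lines, trap_level="warnings", facility="local3"):
    """Return the lines a collector would receive under the given trap level."""
    out = []
    for line in lines:
        msg = parse_cisco_message(line)
        if passes_trap(msg["sev"], trap_level):
            out.append(f"<{pri(facility, msg['sev'])}>{line.strip()}")
    return out

# Constructed sample messages, copied from the ones shown on the page
SAMPLE_LINES = [
    "% SYS-5-Config_I : configured from console by console",
    "%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up",
]

if __name__ == "__main__":
    # With 'logging trap warning' (the page's R1 config) nothing is forwarded, because
    # all three samples are severity 5 (notifications); 'logging trap notifications' forwards all.
    print(to_collector_lines(SAMPLE_LINES, "warnings", "local3"))
    print(to_collector_lines(SAMPLE_LINES, "notifications", "local3"))
```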

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
A detailed explanation of the severity Levels:

DEBUG:
Info useful to developers for debugging the app, not useful during operations

INFORMATIONAL:
Normal operational messages - may be harvested for reporting, measuring throughput, etc - no action required

NOTICE:
Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required

WARNING:
Warning messages - not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time

ERROR:
Non-urgent failures - these should be relayed to developers or admins; each item must be resolved within a given time

ALERT:
Should be corrected immediately - notify staff who can fix the problem - example is loss of backup ISP connection

CRITICAL:
Should be corrected immediately, but indicates failure in a primary system - fix CRITICAL problems before ALERT - example is loss of primary ISP connection

EMERGENCY:
A "panic" condition - notify all tech staff on call? (earthquake? tornado?) - affects multiple apps/servers/sites...

##################### END ######################

More detail >>> Refer from >>>

http://en.wikipedia.org/wiki/Syslog

http://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3

Thank You!
