Configuration of logging in Enterasys switches

For those of you that may wander how to setup logging in the Enterasys switches here is the perfect tutorial for you.

Switch logging defaults

First of all we will need to verify to what level we have already the switch logging. The check the setting use the command show logging defaults. Ignore the port number used as that is used locally by the switch to send the logs to himself.

switch(su)->show logging defaults

                   Facility Severity                          Port

Defaults:          local4 debugging(8)                         514

In the case that you want to modify the logging level on the switch use the command.

set logging default severity <severity level>

The severity level goes from 1 – 8.

1 – (emergencies)
2 – (alerts)
3 – (critical)
4 – (errors)
5 – (warnings)
6 – (notifications)
7 – (information)
8 – (debugging)

For example

switch(su)->set logging default severity 8

Buffer log settings

Enterasys switches can log the messages to either the local buffer of the switch or to a file stored in the flash memory of the switch. To check what option is enabled use the command show logging local.

switch(su)->show logging local

Syslog Console Logging enabled

Syslog File Logging disabled

To change any of the above settings use the command:

switch(su)->set logging local console <enable | disable> file <enable | disable>

To check the actual buffer of the switch and see if anything has being logged use the command:

show logging buffer

Application logging

Now as I mentioned at the beginning of the tutorial you can set up the general logging of the switch using the command set logging default. Now this command is used like a filter of messages you want to record to buffer but the switch has a different levels of logging for each application like CLI, VRRP, etc… I know that I may look a bit confusing at the moment but you will probably pick it up soon.

To check the level at what each application is logging use the command:

show logging application

For example

switch(su)->show logging application

        Application   Current Severity Level Server List
 88     RtrAcl                   8              1-8
 89     CLI                      8              1-8
 90     SNMP                     8              1-8
 91     Webview                  8              1-8
 93     System                   8              1-8
 95     RtrFe                    8              1-8
 96     Trace                    8              1-8
 105    RtrLSNat                 8              1-8
 111    FlowLimt                 8              1-8
 112    UPN                      8              1-8
 117    AAA                      8              1-8
 118    Router                   8              1-8
 140    AddrNtfy                 8              1-8
 141    OSPF                     8              1-8
 142    VRRP                     8              1-8
 145    RtrArpProc               8              1-8
 147    LACP                     8              1-8

1(emergencies)  2(alerts)       3(critical)
4(errors)       5(warnings)     6(notifications)
7(information)  8(debugging)

To set the severity level of an individual application use the command

set logging application <mnemonic | all> level <number>

For example

switch(su)->set logging application vrrp level 8
switch(su)->set logging application all level 8

Now just a quick example so you can understand the relationship between the logging default configuration section and the logging application configuration.

Imagine that you have configured all your applications with a logging level of 8 (debugging) but you have configured the logging defaults to a level of 4 (errors). In this case you will only be able to see in the logging buffer just messages with an error level of 4 or below.

Redirect messages to Syslog server

To redirect the messages logged by the switch to a syslog server use the command.

set logging server <index> ip-addr <ip address> descr <description> state <enable | disable>

For example

switch(su)->set logging server 1 ip-addr descr logging-server state enable

To check the configured logging servers use the command

show logging server

For example

show logging server

  IP Address       Facility Severity        Description       Port Status
 1     local7 debugging(8)      logging-server     514 enabled
 set logging server 1 ?
  ip-addr             The internet address for the syslog message server
  facility            Facility (local0-local7) encoded with messages
  severity            The severity level to log 1=emergency to 8=debug
  descr               Textual string to describe this facility/server
  port                UDP port number client uses to send requests (1-65535)
  state               Enable/disable facility