Event log overview – Allied Telesis AT-S63 User Manual

Chapter 13: Event Logs and Syslog Servers

Section II: Advanced Operations

Event Log Overview

A managed switch is a complex piece of computer equipment that
includes both hardware and software. Multiple software features operate
simultaneously, interoperating with each other and processing large
amounts of network traffic. It is often difficult to determine exactly what is
happening when a switch appears not to be operating normally, or what
happened when the problem occurred.

A network manager’s major task is to monitor the system functions and to
deal with problems as they arise. One method for doing this is to view the
event messages that are generated by the switch and stored in the event
logs. These events can provide vital information about system activity on
an AT-9400 Series switch that helps you identify and solve system
problems. Event messages include the following information:

- The time and date of an event
- The severity of an event
- The AT-S63 software module that generated the event
- A description of the event

There are two ways that you can view a switch’s event messages. One
method is to view the event logs in the switch. The AT-9400 Series switch
has two event logs. The first is located in temporary memory and has a
storage capacity of up to 4,000 entries. The events in this log are purged
whenever you reset or power cycle the switch. The second log is located
in permanent memory and has a maximum storage capacity of 2,000
entries. Events in this log are retained even when the switch is reset or
power cycled. Both logs store the same event messages. You can view
either log to display the events of the switch since the unit was last reset.
But to view the events that preceded a system reset, you must view the
permanent event log.

The second method for viewing the event messages of a switch is to have
the device send its events to a syslog server. The syslog server functions
as a central repository that stores events from many network devices
simultaneously.

In order for a switch to send its events to a syslog server, you must define
the syslog output. The syslog output includes the IP address of the syslog
server along with other information such as the types of event messages
you want the switch to send to the syslog server. You can create up to 19
output definitions on a switch. For instructions, refer to “Configuring Log
Outputs” on page 274.