beautypg.com

Enterasys Networks CSX6000 User Manual

Page 403

background image

Central Site Remote Access Switch 403

C

ONFIGURING

O

THER

A

DVANCED

O

PTIONS

Log Options

the ease of data retrieval

the management of a multi-node site; all nodes can send their log messages to a central log serv-
er

Offnode log servers must be accessible via the system’s LAN port; they cannot be accessed via the
WAN. In addition, it is recommended that the log servers either be located on the same LAN
segment as the system, or that a static route be defined for the log server. If a routing protocol such
as RIP is used to establish a route to the log server, the server will be unavailable for the first 90 to
180 seconds after loading the system — until the route is established. This will cause log messages
to be lost that are generated in the first 90 to 180 seconds of operation.

When we use the term UNIX Syslog Server, we are, more precisely, referring to the “syslogd”
daemon running on a UNIX system. Syslogd reads and forwards messages to the appropriate log
files and devices depending upon its configuration. Refer to your UNIX system documentation for
more information on syslogd.

Each log message sent to a syslogd server has a priority tag associated with it. The priority tag is
encoded as a combination: facility.level. The facility identifies the part of the system creating the log
message and the level describes the severity of the condition which caused the log message to be
written.

When sending a log message to a Syslog Server, the message is formatted as an ASCII string with
the first item in the string being the syslog priority enclosed in angle brackets. The priority is
presented as a decimal value, not a hexadecimal value. For example, to log the string “CDR
VERIFY” with a priority of authentication.info, the priority (26 hex) would be converted to 38
decimal and the Syslog Server would be sent the string “<38> CDR VERIFY”. The Syslog daemon
will use the priority of 38 (26 hex) to determine where the message should be sent or stored. The
string “CDR VERIFY” will then be sent to that destination.

The priority tag is implemented as an 8 bit hexadecimal integer. The low order three bits contain
the severity level; the high order 5 bits contain the facility. Thus, for a convenient example, level
info is encoded as the value 6 and facility authentication is encoded as the value 4 (in BSD UNIX
v4.3). These two fields are combined as follows:

level ‘6’

=> 06 hex

facility ‘4’ shifted left 3 bits to use the high order 5 bits

=> 20 hex

bitwise OR the two values together

=> 26 hex

In result, priority of authentication.info is encoded as 26 hex.

Note:

Because the values for both the facilities and the severity levels may vary from one version
of UNIX to the next, the system allows you to set the entire priority value as an integer. This
integer will be prepended to all messages sent to the Syslog Server.

One of the sources from which syslogd accepts log messages is UDP port 514. This is the access
point that a subsystem uses when logging to a Syslog Server. The subsystem sends its log messages
to UDP port 514 at the server’s IP address.

Syslog Servers use UDP which is a datagram service. When a datagram is sent to a Syslog Server,
there is no acknowledgment that the datagram was properly received. To reduce the possibility of
lost data, two Syslog Servers may be used. The two resulting log files can be compared to detect
missing data in one or the other.

This manual is related to the following products: