Configuring Syslog Servers
Syslog Architecture
System Logging (syslog) is the architecture which produces and sends event information from the UPF over the UDP transport layer to a centralized Event Message Collector. Syslog uses a client/server architecture:
- Syslog Client: A set of processes running on UPF, which operate as the sending device for event messages.
- Syslog Server: An external server configured to receive the event messages sent from the UPF.
UPF transports event messages using the Syslog Protocol without expecting acknowledgment of receipt. The system forwards event messages regardless of whether a Syslog Server is available to receive them.
Configuring the System to Send Event Messages to an External Syslog Server
Information that is generated by the runtime event logging filters can be transmitted to a syslog server for permanent storage.
Important: The data transmitted to the Syslog server is meant to be used for informational purposes. Functions such as billing and performance monitoring should not be based on syslogs.
Important: Although the system provides the flexibility to configure syslog servers on a context-by-context basis, it is recommended that all servers be configured in the local context in order to isolate the log traffic from the network traffic.
Use the following example to configure syslog servers:
configure
context context_name
logging syslog ip_address [ event-verbosity { min | concise | full } | facility facilities | msg-format { rfc3164 | rfc5424 } | pdu-data { none | hex | hex-ascii } | pdu-verbosity pdu_level | port number | rate value ]
end
NOTES:
- syslog ip_address: Specifies the IP address of a system log server on the network in IPv4 dotted-decimal or IPv6 colon-separated-hexadecimal notation.
- event-verbosity { min | concise | full }: Specifies the level of detail to use in logging of events. Detail level must be one of the following:
  - min: Displays minimal detail.
  - concise: Displays summary detail.
  - full: Displays full detail.
- facility facilities: Specifies the local facility for which the system logging server's logging options are applied. Local facility must be one of the following:
  - local0: Pertains to syslog severity level of 0, Emergency
  - local1: Pertains to syslog severity level of 1, Alert
  - local2: Pertains to syslog severity level of 2, Critical
  - local3: Pertains to syslog severity level of 3, Error
  - local4: Pertains to syslog severity level of 4, Warning
  - local5: Pertains to syslog severity level of 5, Notice
  - local6: Pertains to syslog severity level of 6, Informational
  - local7: Pertains to syslog severity level of 7, Debug
  Default: local7
  If local facility is not specified, then local7 is applied by default.
  Multiple system log servers can share the logging options of a given local facility. This allows for the logical grouping of system log servers and the options which affect all of those associated with the same local facility.
- msg-format { rfc3164 | rfc5424 }: Configures the message format for each system log server as per RFC3164 or RFC5424. Default: rfc3164.
- pdu-data { none | hex | hex-ascii }: Specifies output format for packet data units when logged. Format must be one of the following:
  - none: Displays data in raw format.
  - hex: Displays data in hexadecimal format.
  - hex-ascii: Displays data in hexadecimal and ASCII format (similar to a mainframe dump).
- pdu-verbosity pdu_level: Specifies the level of verboseness to use in logging of packet data units as a value from 1 through 5, where 5 is the most detailed.
- port number: Specifies an alternate port number for the system log server. Default: 514.
  number must be an integer value from 1 through 65535.
- rate value: Specifies the rate at which log entries are allowed to be sent to the system log server. No more than the number specified by value is sent to a system log server within any given one-second interval.
  value must be an integer from 0 through 100000. Default: 1000
- Repeat as necessary to configure extra syslog servers. There is no limit to the number of syslog servers that can be configured.
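The following Python example is added here and is not taken from the product documentation or software. It shows how a collector can decode the PRI field of a received datagram into facility and severity and tell the rfc3164 and rfc5424 message formats apart; the sample datagrams, the host and process names in them, and the listening port 5514 are constructed assumptions.

```python
import re
import socket

# Severity names as listed in RFC 5424; local0..local7 are facility codes 16..23.
SEVERITIES = ["Emergency", "Alert", "Critical", "Error",
              "Warning", "Notice", "Informational", "Debug"]
PRI_RE = re.compile(rb"<(\d{1,3})>")
VERSION_RE = re.compile(rb"[1-9]\d{0,2} ")  # RFC 5424 VERSION field plus space

def parse_syslog(datagram: bytes) -> dict:
    """Decode PRI and detect the message format of one syslog datagram."""
    m = PRI_RE.match(datagram)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    rest = datagram[m.end():]
    # RFC 5424 follows PRI with a version number; RFC 3164 follows it with
    # a timestamp that begins with a month name such as "Jan".
    fmt = "rfc5424" if VERSION_RE.match(rest) else "rfc3164"
    name = f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    return {"format": fmt, "facility": name,
            "severity": SEVERITIES[severity],
            "body": rest.decode("utf-8", errors="replace")}

# Constructed sample datagrams (host and process names are made up).
SAMPLE_3164 = b"<187>Jan  5 10:15:02 upf-1 app: constructed sample event"
SAMPLE_5424 = b"<134>1 2024-01-05T10:15:02Z upf-1 app - - - constructed sample event"

def listen(host: str = "0.0.0.0", port: int = 5514) -> None:
    """Receive datagrams on an unprivileged port (assumed; match `port number`)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, peer = sock.recvfrom(65535)
            try:
                print(peer[0], parse_syslog(data))
            except ValueError as exc:
                # UDP is unauthenticated: log and drop anything that does not parse.
                print(peer[0], "rejected:", exc)

if __name__ == "__main__":
    for sample in (SAMPLE_3164, SAMPLE_5424):
        print(parse_syslog(sample))
```

Because delivery is over UDP with no acknowledgment, the collector sees no signal when a datagram is lost, so gaps in the received stream cannot be detected from this parsing alone.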