System Logging Protocol (Syslog)
Table of Contents
By default switch sends out syslog to syslog server with all severity levels.
Local syslog
All the messages are stored in the syslog file in /var/log. Users can view it by issuing the “sudo cat syslog” command.
This SONiC CLI command displays all the available log messages.
admin@sonic:~$ show loggingPlease use the -f or -follow flag to follow the live logging.
admin@sonic:~$ show logging --followRemote syslog server
Figure 1. Network topology
Prerequisite:
Check your network addresses and ensure connectivity between systems.
admin@sonic:~$ sudo config syslog add 192.168.0.1
Running command: systemctl reset-failed rsyslog-config rsyslog
Running command: systemctl restart rsyslog-configAdjust the severity level for the remote syslog server
The syslog configuration file location is /usr/share/sonic/templates/rsyslog.conf.j2
| Value | Severity | Keyword |
|---|---|---|
| 0 | Emergency | emerg |
| 1 | Alert | alert |
| 2 | Critical | crit |
| 3 | Error | err |
| 4 | Warning | warning |
| 5 | Notice | notice |
| 6 | Informational | info |
| 7 | Debug | debug |
Notice and below (levels 0 ~ 5)
admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{ % for server in SYSLOG_SERVER % }
*.notice @{{ server }}:514;SONiCFileFormat
{ % endfor % }Only error level (level 3).
admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.=error @{{ server }}:514;SONiCFileFormat
{% endfor %}All severity levels except warnings (levels 0 ~ 7 except 4).
admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.debug;*.!=warning @{{ server }}:514;SONiCFileFormat
{% endfor %}Restart syslog service:
admin@sonic:~$ sudo systemctl restart rsyslog-configSeparating logs
How to separate logs for different events?
The usual problem is the LLDP notification spam in syslog.
Oct 21 06:44:59.770196 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet0 (b4:96:91:b3:c7:c9)
Oct 21 06:44:59.770748 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet1 (b4:96:91:b3:c7:cb)
Oct 21 06:45:09.819362 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet0 (b4:96:91:b3:c7:c9)
Oct 21 06:45:09.820585 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet1 (b4:96:91:b3:c7:cb)
Oct 21 06:45:19.867970 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet0 (b4:96:91:b3:c7:c9)
Oct 21 06:45:19.869161 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet1 (b4:96:91:b3:c7:cb)Users can split the logs and give LLDP its dedicated log file.
Edit the configuration file /etc/rsyslog.d/00-sonic.conf by adding a new set of rules
## LLDP rules
if $programname contains "lldp#" then {
/var/log/lldp.log
stop
}Reboot the system so the changes take effect.
Now the same messages will go to /var/log/lldp.log
