System Logging Protocol (Syslog)

By default switch sends out syslog to syslog server with all severity levels.

Example model & SONiC version:

  • Aurora 710
  • Netberg SONiC: SONiC-OS-202111.0-20230321.

Local syslog

All the messages are stored in the syslog file in /var/log. Users can view it by issuing the “sudo cat syslog” command.

This SONiC CLI command displays all the available log messages.

admin@sonic:~$ show logging

Please use the -f or -follow flag to follow the live logging.

admin@sonic:~$ show logging --follow

Remote syslog server

Netberg SONiC syslog
Figure 1. Network topology

Prerequisite:

Check your network addresses and ensure connectivity between systems.

admin@sonic:~$ sudo config syslog add 192.168.0.1
Running command: systemctl reset-failed rsyslog-config rsyslog
Running command: systemctl restart rsyslog-config

Adjust the severity level for the remote syslog server

The syslog configuration file location is /usr/share/sonic/templates/rsyslog.conf.j2

Value

Severity

Keyword

0

Emergency

emerg

1

Alert

alert

2

Critical

crit

3

Error

err

4

Warning

warning

5

Notice

notice

6

Informational

info

7

Debug

debug

Notice and below (levels 0 ~ 5)

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{ % for server in SYSLOG_SERVER % }
*.notice @{{ server }}:514;SONiCFileFormat
{ % endfor % }

Only error level (level 3).

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.=error @{{ server }}:514;SONiCFileFormat
{% endfor %}

All severity levels except warnings (levels 0 ~ 7 except 4).

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.debug;*.!=warning @{{ server }}:514;SONiCFileFormat
{% endfor %}

Restart syslog service:

admin@sonic:~$ sudo systemctl restart rsyslog-config
NEWS

Latest news