System Logging Protocol (Syslog)

Table of Contents

Local syslog

Remote syslog

Separating logs

By default switch sends out syslog to syslog server with all severity levels.

Local syslog

All the messages are stored in the syslog file in /var/log. Users can view it by issuing the “sudo cat syslog” command.

This SONiC CLI command displays all the available log messages.

admin@sonic:~$ show logging

Please use the -f or -follow flag to follow the live logging.

admin@sonic:~$ show logging --follow

Remote syslog server

Netberg SONiC System Logging Protocol (Syslog)

Figure 1. Network topology

Prerequisite:

Check your network addresses and ensure connectivity between systems.

admin@sonic:~$ sudo config syslog add 192.168.0.1
Running command: systemctl reset-failed rsyslog-config rsyslog
Running command: systemctl restart rsyslog-config

Adjust the severity level for the remote syslog server

The syslog configuration file location is /usr/share/sonic/templates/rsyslog.conf.j2

ValueSeverityKeyword
0Emergencyemerg
1Alertalert
2Criticalcrit
3Errorerr
4Warningwarning
5Noticenotice
6Informationalinfo
7Debugdebug

Notice and below (levels 0 ~ 5)

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{ % for server in SYSLOG_SERVER % }
*.notice @{{ server }}:514;SONiCFileFormat
{ % endfor % }

Only error level (level 3).

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.=error @{{ server }}:514;SONiCFileFormat
{% endfor %}

All severity levels except warnings (levels 0 ~ 7 except 4).

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.debug;*.!=warning @{{ server }}:514;SONiCFileFormat
{% endfor %}

Restart syslog service:

admin@sonic:~$ sudo systemctl restart rsyslog-config

Separating logs

How to separate logs for different events?

The usual problem is the LLDP notification spam in syslog.

Oct 21 06:44:59.770196 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet0 (b4:96:91:b3:c7:c9)
Oct 21 06:44:59.770748 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet1 (b4:96:91:b3:c7:cb)
Oct 21 06:45:09.819362 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet0 (b4:96:91:b3:c7:c9)
Oct 21 06:45:09.820585 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet1 (b4:96:91:b3:c7:cb)
Oct 21 06:45:19.867970 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet0 (b4:96:91:b3:c7:c9)
Oct 21 06:45:19.869161 sonic INFO lldp#lldp-syncd [lldp_syncd] INFO: Failed to get system capabilities on Ethernet1 (b4:96:91:b3:c7:cb)

Users can split the logs and give LLDP its dedicated log file.

Edit the configuration file /etc/rsyslog.d/00-sonic.conf by adding a new set of rules

## LLDP rules
if $programname contains "lldp#" then {
/var/log/lldp.log
stop
}

Reboot the system so the changes take effect.

Now the same messages will go to /var/log/lldp.log

NEWS

Latest news