Configuring Syslog on the Router
You can use Technician Interface commands to configure syslog on a router. You configure syslog as a sequence of tasks, where some tasks include one or more numbered steps.
The following is an overview of the tasks required to configure syslog on a router:
1. Using the console attached to the router, or using a TELNET connection to the router, open a Technician Interface session.
2. Define a slot mask (a slot map) for loading Syslog on the router.
3. Create the syslog entity on the router.
4. Configure syslog global attributes.
5. Add a remote host to the syslog host table.
6. Add an entity filter to the syslog entity filter table.
7. Return to Task 5 to add another remote host or return to task 6 to add another entity filter for the remote host; otherwise go to Task 8.
8. Save to a file on an NVFS volume the syslog additions to your configuration.
9. Log out of the Technician Interface session.
The paragraphs following in this section describe the syslog configuration sequence in greater detail (to the task and step level).
Following the configuration procedure, this chapter provides an example of syslog configuration, plus definitions of syslog attributes you use during configuration.
Task 1: Logging In to the Router's Technician Interface
For information on how to open a Technician Interface session with a Bay Networks router, refer to Chapter 1.
Task 2: Defining a Slot Mask for Syslog on the Router
Before creating the syslog entity on the router, define a slot mask for syslog. The slot mask identifies the slots on which the system will load and run the syslog entity. At the Technician Interface prompt, enter
$: set wfProtocols.wfSYSLLoad.0 0x7FFE0000;commit
This command enables syslog to run on all slots, regardless of router model.
Next, create the syslog entity on the router.
Task 3: Creating Syslog on the Router
Create the syslog entity in the router configuration, as follows:
set wfSyslog.wfSyslogDelete.0 1;commit
This also enables syslog on the router. (The system sets the attribute wfSyslogDisable, OID = 1.3.6.1.4.1.18.3.3.2.15.1.2, in the syslog base record to a value of 1.)
Next, configure the syslog global attributes.
Task 4: Configuring Syslog Global Attributes
Once you create and enable syslog on the router, you can accept the default values for the wfSyslogMaxHosts and wfSyslogPollTimer attributes, or you can configure a customized value for either attribute. If you want to accept default values for the syslog global attributes, go to Task 5; otherwise, perform the following steps:
1. Configure the maximum number of active hosts served by syslog on the router:
$: set wfSyslog.wfSyslogMaxHosts.0 <1 - 10>;commit
The default setting for wfSyslogMaxHosts is 5 hosts. You can add to the syslog host table more entries than the configured maximum, but syslog forwards messages only to the first "n" active hosts, where n = the current value of wfSyslogMaxHosts.
2. Configure the interval (in seconds) between syslog polling cycles on the router:
$: set wfSyslog.wfSyslogPollTimer.0 <5 - 610000>;commit
The default setting for wfSyslogPollTimer is 5 seconds.
Next, add a remote host to the syslog host table.
Task 5: Adding a Remote Host to the Syslog Host Table
You must define any remote hosts that you want to receive syslog (event) messages from routers in your network.
If this is the first host you are adding to the syslog host table, go to Step 1. Otherwise, you may want to first obtain a list of hosts already configured on the router. To list existing entries in the syslog host table, enter the following command at the Technician Interface prompt:
list -i wfSyslogHostEntry
The list includes the instance IDs (in this case, the IP addresses) of all remote hosts currently defined in the syslog host table.
1. Add a new host entry to the syslog host table, as follows:
$: set wfSyslogHostTable.wfSyslogHostDelete.<host_IP_address> 1 $: commit
This entry informs syslog of a remote host at the destination IP address that you specified.
If you want to accept the default settings for host attributes wfSyslogHostLogFacility (184 = Local7) and wfSyslogHostTimeSeqEnable
(2 = disabled), go to Task 6. Otherwise, continue with Step 2 to configure a customized setting for either attribute.
2. To define the UNIX system facility you want to receive syslog messages from the router, enter the following:
$: set wfSyslogHostTable.wfSyslogHostLogFacility.<host_IP_address><128|136|144|152|160|168|176|184>;commit
3. To optionally enable syslog message time sequencing for the remote host, enter the following:
$: set wfSyslogHostTable.wfSyslogHostTImeSeqEnable.
<host_IP_address> 1;commit
Note: Only hosts represented by entries that are ENABLED (wfSyslogHostDisable =1) and have an operational state of ACTIVE (wfSyslogHostOperState = 1) receive messages from syslog on the router.
Next, add an entity filter for the host entry you just added.
Task 6: Adding an Entity Filter for a Remote Host
Once you define a host in the syslog host table, add (define) an entity-specific message filter for the host.
If this is not the first filter for a given entity and remote host pair, first obtain a list of filter instances, as follows:
list -i wfSyslogEntFltrEntry
From the resulting list of instance IDs (of the form <host_IP_address>.<entity_code>.<filter_index>), determine the next <filter_index> number available to assign to a new filter, for a given <host_IP_address>.<entity_code> pair. The number you assign to the new filter will have a value of +1 higher than the highest <filter_index> in the list.
Now proceed to Step 1.
1. Create a new filter for the desired entity and remote host pair by first creating an entry in the syslog entity filter table, as follows:
$: set WfSyslogEntityFilterTable.WfSyslogEntFltrDelete. <host_IP_address>.<entity_code>.<filter_index> 1;commit <host_IP_address> is the IP address of the desired remote host (a management workstation).
<entity_code> identifies the software entity for which you want syslog to forward event messages to the remote host at the <host_IP_address>.
<filter_index> is the next available index number you can assign to a filter for the desired entity and remote host pair.
2. After you create an entity filter for a specific host, define
·
An event number (or range) and a slot number (or range)
or:
·
A severity mask and a slot number (or range)
Note: The filter remains inactive until you define the event and slot number(s), or the severity mask and slot number(s).
Set entity filter attributes, as follows:
a. To define by event number(s) the event messages you want syslog to select and forward to a specific remote host:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrLogEvtLowBnd.
<host_IP_address>.<entity_code>.<filter_index> <0 - 255> $: set wfSyslogEntFltrEntry.wfSyslogEntFltrLogEvtUppBnd.
<host_IP_address>.<entity_code>.<filter_index> <0 - 255> $: commit
If you do not want to define filtering by event number(s), accept the default values for event number lower bound (0) and upper bound (255). (Go to Step 2b.) Accepting these default values causes syslog to use only the severity and slot mask criteria for selecting and forwarding messages.
b. Define a severity mask only if you did not already define an event number (or event number range). If you defined an event number or number range, syslog ignores any severity mask for this filter.
To define by severity levels the event messages you want syslog to select and forward to a specific remote host, enter the following:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrSevMask.
<host_IP_address>.<entity_code>.<filter_index> "<fwitd>" $: commit
c. To also define by slot number(s) the event messages you want syslog to select and forward to a specific remote host, enter the following:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrSlotLowBnd.
<host_IP_address>.<entity_code>.<filter_index> <0 - 14> $: set wfSyslogEntFltrEntry.wfSyslogEntFltrSlotLowUpp.
<host_IP_address>.<entity_code>.<filter_index> <0 - 14> $: commit
Note: Although the valid range for the slot lower and upper boundaries is 0 to 14, specify only values within the range of actual slot numbers for the model of router you are configuring. Otherwise, the filter will not transition to an active state.
3. Define how router event message severity levels and UNIX system error levels map to one another.
In most cases, you accept the default mapping and go to Task 7. Otherwise, continue with the following instructions to customize the message mapping.
Enter at the Technician Interface prompt the command line(s) appropriate for the message mapping(s) you want to change:
a. Change router FAULT message mapping, as follows:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrFaultMap.
<host_IP_address>.<entity_code>.<filter_index> <1 - 8>
The default value of wfSyslogEntFltrFaultMap is 3, mapping router FAULT level messages to UNIX system level CRIT messages.
b. Change router WARNING message mapping, as follows:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrWarningMap.
<host_IP_address>.<entity_code>.<filter_index> <1 - 8>
The default value of wfSyslogEntFltrWarningMap is 5, mapping router WARNING level messages to UNIX system level WARNING messages.
Example:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrWarningMap 5
The example command maps each Warning level router event message to a Warning level UNIX system error message
c. Change router INFO message mapping, as follows:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrInfoMap.
<host_IP_address>.<entity_code>.<filter_index> <1 - 8>
The default value of wfSyslogEntFltrInfoMap is 7, mapping router INFO level messages to UNIX system level INFO messages.
d. Change router TRACE message mapping, as follows:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrTraceMap.
<host_IP_address>.<entity_code>.<filter_index> <1 - 8>
The default value of wfSyslogEntFltrTraceMap is 3, mapping router TRACE level messages to UNIX system level CRIT messages.
e. Change router DEBUG message mapping, as follows:
$: set wfSyslogEntFltrEntry.wfSyslogEntFltrDebugMap.
<host_IP_address>.<entity_code>.<filter_index> <1 - 8>
The default value of wfSyslogEntFltrDebugMap is 8, mapping router DEBUG level messages to UNIX system level DEBUG messages.
Task 7: Adding More Hosts or Entity Filters
You can add more hosts or entity filters to your syslog configuration, as follows:
1. If you have finished adding entity filters for this remote host, and you do not want to add another remote host at this time, go to Task 8. Otherwise, continue with Step 2.
2. If you want to add another entity filter for the same remote host, return to "Task 6: Adding an Entity Filter for a Remote Host." Otherwise, continue with Step 3.
3. If you want to add another remote host to receive syslog messages from the router, return to "Task 5: Adding a Remote Host to the Syslog Host Table."
Task 8: Saving Your Syslog Configuration on the Router
Save to a file on an NVFS volume the syslog additions to your configuration, as follows:
save config <vol>:<filename>
Task 9. Log Out of the Technician Interface
Enter at the Technician Interface command line interface the following command:
$: logout