In this section:
Overview
Use the Event Log object to create, configure, disable and enable system and subsystem level log files to capture system, security, debug, packet, trace and accounting events. Event Types For each event type, an event class (subsystem) and severity threshold can be configured. Event classes include: The ROLLFILE facility provides a means of closing the active log file and opening a new one with an incremented (name) suffix. This facilitates real-time analysis of system events by performing the analysis on closed, rather than opened and growing, files.
Event Facility System 16 local0 Debug 17 local1 Trace 18 local2 Security 19 local3 Audit 20 local4 Acct 22 local6
The Event Log object allows you to create event log filters to capture debug, security, system, trace, and accounting events using following parameters:
- Filter Admin – Filter configuration for each event log type and event class
- Filter Status – View filter status per each event log type and event class (using the request command)
- INFO Level Logging Enable – Re-enable INFO level logging if it becomes disabled due to system congestion
- Platform Audit Logs – View platform audit logs of administrative, privileged, and security actions
- Subsystem Admin – Filter configuration for each subsystem
- Type Admin – Event log for configuration items related to each event log type
Info
Beginning with release 6.0.0, each user is assigned a dedicated “home” directory (/home/jdoe for user “jdoe”) which is not accessible by other users. This dedicated workspace allows users to upload/download scripts and CLI logs to/from their dedicated workspace without interference from other users as well as preventing inadvertently overwriting other users files.
Secure File Transfer Protocol (SFTP) is supported for application management users to access their home directories and certain group shared directories.
Filter Admin
Command Syntax
Mandatory parameters required to configure an administrative Event log filter:
% set oam eventLog filterAdmin <node name> <event_type: audit | debug | security | system | trace> <event_class: audit | callproc | directory | netmgmt | policy | resmgmt | routing | security | signaling | sysmgmt | trace>
Non-mandatory parameters for Event log filter:
% set oam eventLog filterAdmin <node name> <event_type> <event_class> level <critical | info | major | minor | noevents> state <off | on>
Command Parameters
Filter Admin Event Log Parameters
Parameter | Description |
|---|---|
Mandatory parameters: | |
| Event Log Class Filter configuration table. |
| SBC node name. |
| The type of event log to configure:
|
| For each event type, configure one of the following event:
|
| Minimum severity level threshold for event logging:
Info level logs which are traps or faults are always reported in the system logs. |
| Administrative state of event logging for this event type. Set to “on” if filter entry should take precedence over per-node settings.
|
Filter Status
Command Syntax
% request oam eventLog filterStatus <node name> <event_type: audit | debug | security | system | trace> <event_class: audit | callproc | directory | netmgmt | policy | resmgmt | routing | security | signaling | sysmgmt | trace> resetStats
Command Parameters
Filter Status Event Log Parameters
Parameter | Description |
|---|---|
| Event log class filter status table. |
| SBC system name. |
| The type of event log:
|
| Event class for each event type:
|
| Use this control to reset the value of Events Filtered column of the |
INFO Level Logging Enable
The active and standby SBC are designed to turn off INFO level logging if the system becomes congested. The "request oam eventLog infoLevelLoggingEnable clearInfoLevelLoggingDisabled" command is used to re-enable INFO level logging once it is disabled. See sonusCpEventLogInfoLevelLoggingDisabledNotfication - MAJOR for associated trap details.
To view INFO LEVEL LOGGING DISABLED state, run the following command.
'show table oam eventLog typeStatus' Example
> show table oam eventLog typeStatus
INFO
TOTAL LEVEL
CURRENT FILE FILE TOTAL FILE FILES NEXT LOG LOGGING
TYPE FILE RECORDS BYTES FILES BYTES DROPPED ROLLOVER DESTINATION LAST FILE DROP DISABLED
------------------------------------------------------------------------------------------------------------------------------
system 1000005.SYS 216 31756 32 1032744 0 0 localDisk 0000-00-00T00:00:00+00:00 false
debug 1000014.DBG 1601 188964 32 27489838 0 0 localDisk 0000-00-00T00:00:00+00:00 false
trace 1000005.TRC 0 128 32 5224 0 0 localDisk 0000-00-00T00:00:00+00:00 false
acct 1000085.ACT 1 202 32 7592 0 0 localDisk 0000-00-00T00:00:00+00:00 false
security 1000005.SEC 7 1047 32 23610 0 0 localDisk 0000-00-00T00:00:00+00:00 false
audit 1000005.AUD 1002 186238 32 4267027 0 0 localDisk 0000-00-00T00:00:00+00:00 false
packet 1000005.PKT 0 128 32 872 0 0 localDisk 0000-00-00T00:00:00+00:00 false
Command Syntax
% request oam eventLog infoLevelLoggingEnable clearInfoLevelLoggingDisabled
Command Parameter
Info Level Logging Enable Event Log Parameter
Parameter | Description |
|---|---|
| Use this command to re-enable info level logging after it becomes disabled due to system congestion. If this command is executed while the system is still congested, this may cause the system to become further congested. Only issue this command once system congestion dissipates. The system may become further congested if this command is executed while the system is still congested. |
Platform Audit Logs
Command Syntax
% set oam eventLog platformAuditLogs state <disabled | enabled>
Command Parameters
Platform Audit Logs Parameters
Parameter | Description |
|---|---|
| Use this command to enable/disable platform audit logging of administrative, privileged, and security actions.
|
Subsystem Admin
Command Syntax
Mandatory parameters required to configure an Event log subsystem event type:
% set oam eventLog subsystemAdmin <system_name> <subsys_ID>
Non-mandatory parameters to configure an Event log subsystem event type:
% set oam eventLog subsystemAdmin <system_name> <subsys_ID> infoLogState <disabled | enabled> maxEventID <0-4.294967295E9> minEventID <0-4.294967295E9>
Command Parameters
Subsystem Admin Event Log Parameters
Parameter | Description |
|---|---|
| Subsystem event logging configuration. |
Mandatory parameters: | |
| Name of system. |
| The subsystem/task ID. See table below for a list of subsystem IDs. |
Non-mandatory parameters: | |
| Use this flag to enable/disable event logging of INFO level messages to DBG and SYS logs for the specified subsystem. By default, infoLogSate is enabled for all subsystems.
|
Subsystem IDs
acm | arma | asg | atmrm | brm | cam |
cassg | cc | chm | cli | cmtsg | cnh |
cpx | dbug | diamc | dnsc | drm | ds |
ema | enm | fm | frm | grm | gwfe |
gwsg | h323sg | icmsvc | ike | im | ipacl |
ipm | lvm | mgsg | mtp2 | mtrm | ncm |
ncomm | nim | nrm | nrma | nrs | ntp |
pathchk | pes | pfa | pipe | pipehook | prm |
reserved | rtcp | rtm | scpa | sec | sfm |
sg | sgisdn | sgisup | sipfe | sipsg | sm |
sma | ssa | trm | xrm |
|
|
Type Admin
Command Syntax
The following syntax applies to the "set oam eventLog typeAdmin" command:
% set oam eventLog typeAdmin <acct | audit | debug | packet | security | system | trace> fileCount <1-1024> fileSize <256-65535> fileWriteMode <default | optimize> filterLevel <critical | info | major | minor | noevents> messageQueueSize <2-32> renameOpenFiles <disabled | enabled> rolloverAction <start | stop> rolloverInterval <0-31536000> rolloverStartTime <time> rolloverType <repetitive | nonrepetitive> saveTo <none | disk> state <disabled | enabled | rollfile> syslogRemoteHost <up to 255 characters> syslogRemotePort <1-65535> syslogRemoteProtocol <relp | tcp | udp> syslogState <disabled | enabled>
Only the Administrator can execute the above command using the "audit" and "security" attributes:
% set oam eventLog typeAdmin audit...
% set oam eventLog typeAdmin security...
The following syntax applies to the "request oam eventLog typeAdmin" command:
% request oam eventLog typeAdmin <acct | audit | debug | packet | security | system | trace> rolloverLogNow % request oam filterStatus <card name> <audit | debug | security | system | trace> <audit | callproc | directory | netmgmt | policy | resmgmt | routing | security | signaling | sysmgmt | trace
Only the Administrator can execute the following commands using the "audit" and "security" attributes:
% request oam eventLog typeAdmin audit rolloverLogNow % request oam eventLog typeAdmin security rolloverLogNow % request oam eventLog filterStatus <card name> security security resetStats
Note
The System log displays Info level logs which are traps or faults when the System log filterLevel is configured to log Major and/or Critical events.
Command Parameters
Type Admin Event Log Parameters (set command)
Parameter | Length/Range | Description |
|---|---|---|
| N/A | Event Log configuration table for configuration items related to each Event Log type. |
| N/A | Specifies the type of event log being configured:
Syslog is not supported for |
| 1-1024 | Specifies the number of event log files that will be maintained for this event type. (default = 32). |
| 256-65535 | Maximum size (in KB) that a single event log file will ever grow to. (default = 2048). |
| N/A | Event log NFS write mode. Options are:
|
| N/A | Events that are at least as severe as the designated level will be logged. Options are:
The command to set the
filterLevel for the acct event type is no longer applicable. |
| 2-32 | The number of event log message entries to buffer before writing to disk. (default = 10). |
| N/A | Enable this flag to append an ".OPEN" extension to accounting and files which are open for writing.
You must enable the global callTrace Once |
| N/A | Event log rollover actions. Options are:
|
| 0-31536000 | Event log rollover interval, in seconds. |
| N/A | Specifies the start time for event log rollover. The format is |
| N/A | Event log rollover type. Options are:
|
| N/A | Use flag to specify that the events are saved to disk or not saved.
|
| N/A | Specifies the requested state of the given Event Log type.
Accounting logs cannot be disabled. |
| 0-255 | The remote host where the messages are written to the syslog. |
| 1-65535 | Specifies the port to use to send messages to the remote syslog. Default value is 514. |
| N/A | The protocol to use to send messages to the remote syslog. Options are:
|
| N/A | Enable flag to log events of specified type to syslog.
|
Type Admin Event Log Parameters (request command)
Parameter | Description |
|---|---|
| Event Log configuration table for configuration items related to each Event Log type. |
| Specifies the type of event log to roll over:
|
| This control is used with request command to perform a roll-over of the specified log immediately. |
Command Examples
To view typeAdmin status from the system-level prompt:
Refer to Show Table OAM for additional details.
> show table oam eventLog typeAdmin
MAX
MESSAGE EVENT ROLLOVER FILE SYSLOG SYSLOG SYSLOG RENAME DISK
FILE FILE QUEUE SAVE MEMORY FILTER START ROLLOVER ROLLOVER WRITE SYSLOG REMOTE REMOTE REMOTE OPEN THROTTLE
TYPE STATE COUNT SIZE SIZE TO SIZE LEVEL TIME INTERVAL ROLLOVER TYPE ACTION MODE STATE HOST PROTOCOL PORT FILES LIMIT
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
system enabled 32 2048 10 disk 16 major - 0 nonrepetitive stop default disabled 0.0.0.0 tcp 514 disabled 5000
debug enabled 32 10240 10 disk 16 info - 0 nonrepetitive stop default disabled 0.0.0.0 tcp 514 disabled -
trace enabled 32 2048 10 disk 16 info - 0 nonrepetitive stop default disabled 0.0.0.0 tcp 514 disabled -
acct enabled 32 2048 10 disk 16 major - 0 nonrepetitive stop default disabled 0.0.0.0 tcp 514 disabled -
security enabled 32 2048 10 disk 16 major - 0 nonrepetitive stop default disabled 0.0.0.0 tcp 514 disabled -
audit enabled 32 2048 10 disk 16 minor - 0 nonrepetitive stop default disabled 0.0.0.0 tcp 514 disabled -
packet enabled 32 2048 10 disk 16 major - 0 nonrepetitive stop default disabled 0.0.0.0 tcp 514 disabled -
To configure event log type “packet” by setting file count to “1”, maximum file size to 256 KB, roll-over interval to 2 seconds, and then enabling the event log but disabling the logging of events to syslog:
% set oam eventLog typeAdmin system fileCount 1 fileSize 256 rolloverInterval 2 state enabled syslogState disabled % show oam eventLog typeAdmin system state enabled; fileCount 1; fileSize 256; rolloverInterval 2; syslogState disabled;
To send the command to request an immediate roll-over:
% request oam eventLog typeAdmin system rolloverLogNow
To display typeAdmin event log details. It has been shortened for brevity.
% show details oam eventLog typeAdmin
typeAdmin system {
state enabled;
fileCount 32;
fileSize 2048;
messageQueueSize 10;
saveTo disk;
filterLevel major;
rolloverInterval 0;
rolloverType nonrepetitive;
rolloverAction stop;
fileWriteMode default;
syslogState disabled;
syslogRemoteHost 0.0.0.0;
syslogRemoteProtocol tcp;
syslogRemotePort 514;
renameOpenFiles disabled;
}
typeAdmin debug {
state enabled;
fileCount 32;
fileSize 2048;
messageQueueSize 10;
saveTo disk;
filterLevel info;
rolloverInterval 0;
rolloverType nonrepetitive;
rolloverAction stop;
fileWriteMode default;
syslogState disabled;
syslogRemoteHost 0.0.0.0;
syslogRemoteProtocol tcp;
syslogRemotePort 514;
renameOpenFiles disabled;
}
typeAdmin trace {
state enabled;
fileCount 32;
fileSize 2048;
messageQueueSize 10;
saveTo disk;
filterLevel info;
rolloverInterval 0;
rolloverType nonrepetitive;
rolloverAction stop;
fileWriteMode default;
syslogState disabled;
syslogRemoteHost 0.0.0.0;
syslogRemoteProtocol tcp;
syslogRemotePort 514;
renameOpenFiles disabled;
}
...
Overview
Content Tools