You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Back to Table of Contents

Back to CLI Configure Mode

Back to Operations and Maintenance - CLI

The Event Log object allows you to create event log filters to capture debug, security, system, trace, and accounting events using following parameters:

  • Filter Admin – Filter configuration for each event log type and event class
  • Filter Status – View filter status per each event log type and event class (using the request command)
  • INFO Level Logging Enable – Re-enable INFO level logging if it becomes disabled due to system congestion
  • Platform Audit Logs – View platform audit logs of administrative, privileged, and security actions
  • Subsystem Admin – Filter configuration for each subsystem
  • Type Admin – Event log for configuration items related to each event log type

Filter Admin

Command Syntax

Mandatory parameters required to configure an administrative Event log filter:

% set oam eventLog filterAdmin <node name>
   <event_type: audit | debug | security | system | trace>
   <event_class: audit | callproc | directory | netmgmt | policy |  resmgmt | routing | security | signaling | sysmgmt | trace>

Non-mandatory parameters for Event log filter:

% set oam eventLog filterAdmin <node name> <event_type> <event_class>
   level <critical | info | major | minor | noevents>
   state <off | on>

Command Parameters

Filter Admin Event Log Parameters

Parameter

Length/Range

Description

Mandatory parameters:

filterAdmin

N/A

Event Log Class Filter configuration table.

<node name>

N/A

SBC node name.

<event type>

N/A

The type of event log to configure:

  • audit – System audit data. These files contain a record of all management interactions that modify the state of the system, and includes all the changes made via the CLI and the Netconf interface. These files use .AUD extensions.
  • debug – System debugging data. These files have .DBG extensions.
  • security – Security level events. These files have .SEC extensions.
  • system – System level events. These files have .SYS extensions.
  • trace – System trace data. These files have .TRC extensions.

<event class>

N/A

For each event type, configure one of the following event:

  • audit – Audit subsystem.
  • callproc – Call Processing subsystem.
  • directory – Directory Services subsystem.
  • netmgmt – Network Management subsystem.
  • policy – Policy subsystem.
  • resmgmt – Resource Management subsystem.
  • routing – Network Routing subsystem.
  • security – Security subsystem.
  • signaling – Signaling subsystem.
  • sysmgmt – System Management subsystem.
  • trace – Call Trace subsystem.

level

N/A

Minimum severity level threshold for event logging:

  • critical – log only critical events.
  • info – log all events.
  • major – log major and critical events only.
  • minor – log all events other than info.
  • noevents – do not log any events.

state

N/A

Administrative state of event logging for this event type. Set to “on” if filter entry should take precedence over per-node settings.

  • off (default) – Logging is not activated.
  • on – Logging is activated.

Back To Top

Filter Status

Command Syntax

% request oam eventLog filterStatus <node name>
   <event_type: audit | debug | security | system | trace>
   <event_class: audit | callproc | directory | netmgmt | policy |  resmgmt | routing | security | signaling | sysmgmt | trace>
   resetStats

Command Parameters

Filter Status Event Log Parameters

Parameter

Length/Range

Description

filterStatus

N/A

Event log class filter status table.

<system name>

N/A

SBC system name.

<event type>

N/A

The type of event log:

  • audit – System audit data. These files contain a record of all management interactions that modify the state of the system, and includes all the changes made via the CLI and the Netconf interface. These files use .AUD extensions.
  • debug – System debugging data. These files have .DBG extensions.
  • security – Security level events. These files have .SEC extensions.
  • system – System level events. These files have .SYS extensions.
  • trace – System trace data. These files have .TRC extensions.

<event class>

N/A

Event class for each event type:

  • audit – Audit subsystem.
  • callproc – Call Processing subsystem.
  • directory – Directory Services subsystem.
  • netmgmt – Network Management subsystem.
  • policy – Policy subsystem.
  • resmgmt – Resource Management subsystem.
  • routing – Network Routing subsystem.
  • security – Security subsystem.
  • signaling – Signaling subsystem.
  • sysmgmt – System Management subsystem.
  • trace – Call Trace subsystem.

resetStats

N/A

Use this control to reset the value of Events Filtered column of the filterStatus display.

Back To Top

INFO Level Logging Enable

The active and standby SBC are designed to turn off INFO level logging if the system becomes congested. The "request oam eventLog infoLevelLoggingEnable clearInfoLevelLoggingDisabled" command is used to re-enable INFO level logging once it is disabled. See sonusCpEventLogInfoLevelLoggingDisabledNotfication - MAJOR for associated trap details.

To view INFO LEVEL LOGGING DISABLED state, run the following command.

'show table oam eventLog typeStatus' Example
> show table oam eventLog typeStatus
                                                                                                                    INFO
                                               TOTAL                                                                LEVEL
          CURRENT      FILE     FILE    TOTAL  FILE      FILES    NEXT      LOG                                     LOGGING
TYPE      FILE         RECORDS  BYTES   FILES  BYTES     DROPPED  ROLLOVER  DESTINATION  LAST FILE DROP             DISABLED
------------------------------------------------------------------------------------------------------------------------------
system    1000005.SYS  216      31756   32     1032744   0        0         localDisk    0000-00-00T00:00:00+00:00  false
debug     1000014.DBG  1601     188964  32     27489838  0        0         localDisk    0000-00-00T00:00:00+00:00  false
trace     1000005.TRC  0        128     32     5224      0        0         localDisk    0000-00-00T00:00:00+00:00  false
acct      1000085.ACT  1        202     32     7592      0        0         localDisk    0000-00-00T00:00:00+00:00  false
security  1000005.SEC  7        1047    32     23610     0        0         localDisk    0000-00-00T00:00:00+00:00  false
audit     1000005.AUD  1002     186238  32     4267027   0        0         localDisk    0000-00-00T00:00:00+00:00  false
packet    1000005.PKT  0        128     32     872       0        0         localDisk    0000-00-00T00:00:00+00:00  false 

Command Syntax

% request oam eventLog infoLevelLoggingEnable clearInfoLevelLoggingDisabled

Command Parameter

Info Level Logging Enable Event Log Parameter

Parameter

Description

clearInfoLevelLoggingDisabled

Use this command to re-enable info level logging after it becomes disabled due to system congestion. If this command is executed while the system is still congested, this may cause the system to become further congested.

Only issue this command once system congestion dissipates. The system may become further congested if this command is executed while the system is still congested.

Platform Audit Logs

Command Syntax

% set oam eventLog platformAuditLogs state <disabled | enabled> 

Command Parameters

Platform Audit Logs Parameters

Parameter

Length/Range

Description

platformAuditLogs

N/A

Use this command to enable/disable platform audit logging of administrative, privileged, and security actions.

  • state
    • disabled (default)
    • enabled

Back To Top

Subsystem Admin

Command Syntax

Mandatory parameters required to configure an Event log subsystem event type:

% set oam eventLog subsystemAdmin <system_name> <subsys_ID>

Non-mandatory parameters to configure an Event log subsystem event type:

% set oam eventLog subsystemAdmin <system_name> <subsys_ID>
	infoLogState <disabled | enabled>
	maxEventID <0-4.294967295E9>
	minEventID <0-4.294967295E9>

Command Parameters

Subsystem Admin Event Log Parameters

Parameter

Length/Range

Description

subsystemAdmin

N/A

Subsystem event logging configuration.

Mandatory parameters:

<system_name>

N/A

Name of system.

<subsys_ID>

N/A

The subsystem/task ID. See table below for a list of subsystem IDs. 

Non-mandatory parameters:

infoLogState

N/A

Use this flag to enable/disable event logging of INFO level messages to DBG and SYS logs for   the specified subsystem. By default, infoLogSate is enabled for all subsystems.

  • disabled
  • enabled (default)
  • If infoLogState is disabled for CHM, nothing is written to AUD logs.
  • If infoLogState is disabled for CPX, request commands are not recorded to AUD logs.

maxEventId

N/A

The subsystem's maximum event ID to not filter.

minEventId

N/A

The subsystem's minimum event ID to not filter.

Subsystem IDs

acm     

arma    

asg     

atmrm  

brm    

cam     

cassg   

cc      

chm 

cli     

cmtsg    

cnh     

cpx    

dbug   

diamc     

dnsc    

drm 

ds 

ema     

enm 

fm      

frm    

grm    

gwfe      

gwsg    

h323sg  

icmsvc   

ike     

im     

ipacl  

ipm       

lvm   

mgsg 

mtp2    

mtrm     

ncm    

ncomm  

nim   

nrm     

nrma      

nrs 

ntp     

pathchk  

pes     

pfa    

pipe   

pipehook  

prm     

reserved  

rtcp 

rtm     

scpa     

sec     

sfm    

sg 

sgisdn    

sgisup  

sipfe     

sipsg 

sm      

sma      

ssa     

trm    

xrm 

 

 

Back To Top

Type Admin

Command Syntax

The following syntax applies to the "set oam eventLog typeAdmin" command:

% set oam eventLog typeAdmin <acct | audit | debug | packet |  security | system | trace>
   fileCount <1-1024>
   fileSize <256-65535>
   fileWriteMode <default | optimize>
   filterLevel <critical | info | major | minor | noevents>
   messageQueueSize <2-32>
   renameOpenFiles <disabled | enabled>
   rolloverAction <start | stop>
   rolloverInterval <0-31536000>
   rolloverStartTime <time>
   rolloverType <repetitive | nonrepetitive>
   saveTo <none | disk>
   state <disabled | enabled | rollfile>
   syslogRemoteHost <up to 255 characters>
   syslogRemotePort <1-65535>
   syslogRemoteProtocol <relp | tcp | udp>
   syslogState <disabled | enabled>

Only the Administrator can execute the above command using the "audit" and "security" attributes:

% set oam eventLog typeAdmin audit...
% set oam eventLog typeAdmin security...

The following syntax applies to the "request oam eventLog typeAdmin" command:

% request oam eventLog typeAdmin <acct | audit | debug | packet |  security | system | trace> rolloverLogNow

% request oam filterStatus <card name> <audit | debug | security | system | trace> 
	<audit | callproc | directory | netmgmt | policy | resmgmt | routing | security | signaling | sysmgmt | trace

Only the Administrator can execute the following commands using the "audit" and "security" attributes:

% request oam eventLog typeAdmin audit rolloverLogNow
% request oam eventLog typeAdmin security rolloverLogNow
% request oam eventLog filterStatus <card name> security security resetStats

Back To Top

Command Parameters

Type Admin Event Log Parameters (set command)

Parameter

Length/Range

Description

typeAdmin

N/A

Event Log configuration table for configuration items related to each Event Log type.

<event_type>

N/A

Specifies the type of event log being configured:

  • acct – System account data. These files have .ACT extensions.
  • audit – System audit data. These files contain a record of all management interactions that modify the state of the system. These files have .AUD extensions. It  includes   all the changes made via the CLI and the Netconf interface. (This attribute is only available to an Administrator)
  • debug – System debugging data. These files have .DBG extensions.
  • packet – Packet information details. These files have .PKT extensions. If enabled, stores the packet details to .PKT files.
  • security – Security level events. These files have .SEC extensions. (This attribute is only available to an Administrator)
  • system – System   level events. These files have .SYS extensions.
  • trace – System trace data. These files have .TRC extensions.

fileCount

1-1024

Specifies the number of event log files that will be maintained for this event type. (default = 32).

fileSize

256-65535

Maximum size (in KB) that a single event log file will ever grow to. (default = 2048).

fileWriteMode

N/A

Event log NFS write mode. Options are:

  • default – Log data is written as a 1344-byte packet.
  • optimize – Log data is written as a 8000-byte packet. Optimize write mode results in IP fragmentation but yields better throughput.

filterLevel

N/A

Events that are at least as severe as the designated level will be logged. Options are:

  • critical – log only events of this threshold.
  • info – log every possible event.
  • major – log major and critical events only.
  • minor – log all events other than information.
  • noevents – do not log any events.
The command to set the filterLevel for the acct event log is no longer applicable.

messageQueueSize

2-32

The number of event log message entries to buffer before writing to disk. (default = 10).

renameOpenFiles

N/A

Enable this flag to rename the most recent accounting file with “.ACT.OPEN” extension.

  • disabled (default)
  • enabled

rolloverAction

N/A

Event log rollover actions. Options are:

  • start – Start rollover action.
  • stop – Stop rollover action.

rolloverInterval

0-31536000

Event log rollover interval, in seconds.

rolloverStartTime

N/A

Specifies the start time for event log rollover. The format is CCYY-MM-DDTHH:MM:SS. For example: 2010-01-01T01:01:01

rolloverType

N/A

Event log rollover type. Options are:

  • nonrepetitive (default) – The rollover will occur once at the specified single instance.
  • repetitive – The rollover will occur repeatedly at the specified intervals.

saveTo

N/A

Use flag to specify that the events are saved to disk or not saved.

  • disk (default)
  • none

state

N/A

Specifies the requested state of the given Event Log type.

  • disabled – Logging is not activated.
  • enabled – (default) Logging is activated.
  • rollfile

 Accounting logs cannot be disabled.

syslogRemoteHost

0-255

The remote host where the messages are written to the syslog.

syslogRemotePort

1-65535

Specifies the port to use to send messages to the remote syslog. Default value is 514.

syslogRemoteProtocol

N/A

The protocol to use to send messages to the remote syslog. Options are:

  • relp
  • tcp (default)
  • udp

syslogState

N/A

Enable flag to log events of specified type to syslog.

  • disabled (default)
  • enabled

Type Admin Event Log Parameters (request command)

Parameter

Length/Range

Description

typeAdmin

N/A

Event Log configuration table for configuration items related to each Event Log type.

<event_type>

N/A

Specifies the type of event log to roll over:

  • acct – System account data. These files have .ACT extensions.
  • audit – System audit data. These files contain a record of all management interactions that modify the state of the system. These files have .AUD extensions. It  includes   all the changes made via the CLI and the Netconf interface. (This attribute is only available to an Administrator)
  • debug – System debugging data. These files have .DBG extensions.
  • packet – Packet information details. These files have .PKT extensions. If enabled, stores the packet details to .PKT files.
  • security – Security level events. These files have .SEC extensions. (This attribute is only available to an Administrator)
  • system – System   level events. These files have .SYS extensions.
  • trace – System trace data. These files have .TRC extensions.

rolloverLogNow

N/A

This control is used with request command to perform a roll-over of the specified log immediately.

Back To Top

Command Examples

This example configures event log type “packet” by setting file count to “1”, maximum file size to 256 KB, roll-over interval to 2 seconds, and then enabling the event log but disabling the logging of events to syslog:

% set oam eventLog typeAdmin packet fileCount 1 fileSize 256 rolloverInterval 2 state enabled syslogState disabled
% show oam eventLog typeAdmin packet
   state enabled;
   fileCount 1;
   fileSize 256;
   rolloverInterval 2;
   syslogState disabled;

This example sends the command to request an immediate roll-over:

% request oam eventLog typeAdmin packet rolloverLogNow

This example displays typeAdmin event log details. It has been shortened for brevity.

% show details oam eventLog typeAdmin

typeAdmin system {
    state                enabled;
    fileCount            32;
    fileSize             2048;
    messageQueueSize     10;
    saveTo               disk;
    filterLevel          major;
    rolloverInterval     0;
    rolloverType         nonrepetitive;
    rolloverAction       stop;
    fileWriteMode        default;
    syslogState          disabled;
    syslogRemoteHost     0.0.0.0;
    syslogRemoteProtocol tcp;
    syslogRemotePort     514;
    renameOpenFiles      disabled;
}
typeAdmin debug {
    state                enabled;
    fileCount            32;
    fileSize             2048;
    messageQueueSize     10;
    saveTo               disk;
    filterLevel          info;
    rolloverInterval     0;
    rolloverType         nonrepetitive;
    rolloverAction       stop;
    fileWriteMode        default;
    syslogState          disabled;
    syslogRemoteHost     0.0.0.0;
    syslogRemoteProtocol tcp;
    syslogRemotePort     514;
    renameOpenFiles      disabled;
}
typeAdmin trace {
    state                enabled;
    fileCount            32;
    fileSize             2048;
    messageQueueSize     10;
    saveTo               disk;
    filterLevel          info;
    rolloverInterval     0;
    rolloverType         nonrepetitive;
    rolloverAction       stop;
    fileWriteMode        default;
    syslogState          disabled;
    syslogRemoteHost     0.0.0.0;
    syslogRemoteProtocol tcp;
    syslogRemotePort     514;
    renameOpenFiles      disabled;
}
typeAdmin acct {
    state                enabled;
    fileCount            32;
    fileSize             2048;
    messageQueueSize     10;
    saveTo               disk;
    filterLevel          info;
    rolloverInterval     0;
    rolloverType         nonrepetitive;
    rolloverAction       stop;
    fileWriteMode        default;
    syslogState          disabled;
    syslogRemoteHost     0.0.0.0;
    syslogRemoteProtocol tcp;
    syslogRemotePort     514;
    renameOpenFiles      disabled;
}

Back To Top

  • No labels