Logging Archive - ASR9K

From DocWiki

Jump to: navigation, search

By default, the logging on the ASR9K will be stored in a 300K buffer. These syslogs are lost if the chassis is reset or loses power. To remedy this, use the archive feature.

Contents

Configuration

Basic Config

This creates a daily folder for logs of severity debugging or higher with a new file every 5 MB. The entire archive is capped at 300MB or 4 weeks, whichever is shorter.

Files stored on harddisk: will survive a reload.

configure
 logging archive
  device harddisk
  severity debugging
  file-size 5
  frequency daily
  archive-size 300
  archive-length 4
 commit

Options

These are the configurable options for archive logging.

RP/0/RSP0/CPU0:ASR9000(config)# logging archive ?
  archive-length  The maximum no of weeks of log to maintain
  archive-size    The total size of the archive
  device          Configure the archive device
  file-size       The maximum file size for a single log file.
  frequency       The collection interval for logs
  severity        The minimum severity of log messages to archive
  threshold       The size threshold at which a syslog is generated
  <cr>

Verification

Logs are kept in harddisk:/var/log

Files are stored in a directory structure YEAR/MONTH/DAY

Change directories to harddisk:/var/log

RP/0/RSP0/CPU0:ASR9000# cd harddisk:/var/log

Topmost folder is the year.

RP/0/RSP0/CPU0:ASR9000# dir

Directory of harddisk:/var/log

3573658     drwx  4096        Sun Jun  5 00:00:00 2016  2016

3082813440 bytes total (2658599936 bytes free)

Change directory to the year folder, then list the contents.

RP/0/RSP0/CPU0:ASR9000# cd 2016
RP/0/RSP0/CPU0:ASR9000# dir

Directory of harddisk:/var/log/2016

3573722     drwx  4096        Sun Jun 12 00:00:00 2016  06
3573723     drwx  4096        Sun Jun  5 00:00:00 2016  05

3082813440 bytes total (2658599936 bytes free)

Change directory to the month folder, then list the contents.

RP/0/RSP0/CPU0:ASR9000# cd 06
RP/0/RSP0/CPU0:ASR9000# dir

Directory of harddisk:/var/log/2016/06

3600634     drwx  4096        Sat Jun 11 00:35:50 2016  05
3600635     drwx  4096        Mon Jun 13 00:35:50 2016  12

3082813440 bytes total (2658599936 bytes free)

Change directory to the day folder, then list the contents.

RP/0/RSP0/CPU0:ASR9000# cd 12
RP/0/RSP0/CPU0:ASR9000# dir

Directory of harddisk:/var/log/2016/06/12

6179002     -rwx  138105      Mon Jun 13 00:00:00 2016  syslog.12.1

Read the syslog for 12-JUNE-2016, using more.

RP/0/RSP0/CPU0:ASR9000# more syslog.12.1
RP/0/RSP0/CPU0:Jun 11 23:08:03 : exec[65785]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '10.0.0.1' on 'vty0' 
RP/0/RSP0/CPU0:Jun 11 23:08:14 : exec[65785]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '10.0.0.1' on 'vty0' 
RP/0/RSP0/CPU0:Jun 11 23:35:10 : exec[65950]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '10.0.0.1' on 'vty0' 
RP/0/RSP0/CPU0:Jun 11 23:35:21 : exec[65950]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '10.0.0.1' on 'vty0' 
RP/0/RSP0/CPU0:Jun 11 23:35:32 : exec[65950]: %SECURITY-LOGIN-4-AUTHEN_FAILED : Failed authentication attempt by user '<unknown>' from '10.0.0.1' on 'vty0' 
RP/0/RSP0/CPU0:Jun 11 23:35:32 : exec[65950]: %MGBL-exec-3-LOGIN_AUTHEN : Login Authentication failed. Exiting...

[output omitted]

Rating: 5.0/5 (4 votes cast)

Personal tools