Enterasys Networks CSX6000, CSX5500, CSX7000 manual Central Site Remote Access Switch

CONFIGURING OTHER ADVANCED OPTIONS

Log Options

•the ease of data retrieval

•the management of a multi-node site; all nodes can send their log messages to a central log serv- er

Offnode log servers must be accessible via the system’s LAN port; they cannot be accessed via the WAN. In addition, it is recommended that the log servers either be located on the same LAN segment as the system, or that a static route be defined for the log server. If a routing protocol such as RIP is used to establish a route to the log server, the server will be unavailable for the first 90 to 180 seconds after loading the system — until the route is established. This will cause log messages to be lost that are generated in the first 90 to 180 seconds of operation.

When we use the term UNIX Syslog Server, we are, more precisely, referring to the “syslogd” daemon running on a UNIX system. Syslogd reads and forwards messages to the appropriate log files and devices depending upon its configuration. Refer to your UNIX system documentation for more information on syslogd.

Each log message sent to a syslogd server has a priority tag associated with it. The priority tag is encoded as a combination: facility.level. The facility identifies the part of the system creating the log message and the level describes the severity of the condition which caused the log message to be written.

When sending a log message to a Syslog Server, the message is formatted as an ASCII string with the first item in the string being the syslog priority enclosed in angle brackets. The priority is presented as a decimal value, not a hexadecimal value. For example, to log the string “CDR VERIFY” with a priority of authentication.info, the priority (26 hex) would be converted to 38 decimal and the Syslog Server would be sent the string “<38> CDR VERIFY”. The Syslog daemon will use the priority of 38 (26 hex) to determine where the message should be sent or stored. The string “CDR VERIFY” will then be sent to that destination.

The priority tag is implemented as an 8 bit hexadecimal integer. The low order three bits contain the severity level; the high order 5 bits contain the facility. Thus, for a convenient example, level info is encoded as the value 6 and facility authentication is encoded as the value 4 (in BSD UNIX

In result, priority of authentication.info is encoded as 26 hex.

Note: Because the values for both the facilities and the severity levels may vary from one version of UNIX to the next, the system allows you to set the entire priority value as an integer. This integer will be prepended to all messages sent to the Syslog Server.

One of the sources from which syslogd accepts log messages is UDP port 514. This is the access point that a subsystem uses when logging to a Syslog Server. The subsystem sends its log messages to UDP port 514 at the server’s IP address.

Syslog Servers use UDP which is a datagram service. When a datagram is sent to a Syslog Server, there is no acknowledgment that the datagram was properly received. To reduce the possibility of lost data, two Syslog Servers may be used. The two resulting log files can be compared to detect missing data in one or the other.

Central Site Remote Access Switch 403