Friday, July 16, 2021

Generate Syslog messages on Cisco Viptela OS devices

 

Introduction

If you are familiar with IOS XE and system monitoring tools, you might have used the command "send log." We have used this command to test if our syslog gets forwarded to the appropriate server and actions are taken on the server-side (Generate ticket, notify people...etc). In Viptela OS, there is a similar way to generate those syslog messages. In this article, I will show you how I managed to send syslog messages using logger to a remote server from a vEdge in my lab.

 

Logger

From the logger online man page:

https://man7.org/linux/man-pages/man1/logger.1.html 

NAME         

       logger - enter messages into the system log

SYNOPSIS        

       logger [options] [message]

DESCRIPTION        

       logger makes entries in the system log.

       When the optional message argument is present, it is written to
       the log.  If it is not present, and the -f option is not given
       either, then standard input is logged.

 

Generate the log

The reason you want to generate a log is to test if the device is capable of reaching the remote logging server. I am going to demonstrate how I managed to generate a log in the file /var/log/messages and receive that log on a Linux box with logging server.

 

To generate a log, run the command: logger <insert-text> Note: you need to activate the shell by using the vshell command

From vManage:
OmarsVManage# vshell
OmarsVManage:~$ logger Test
OmarsVManage:~$ grep "Test" /var/log/messages
user.notice: Jun 10 13:46:33 OmarsVManage omar: Test
OmarsVManage:~$ 
From Linux box:
[root@localhost 50.0.0.1]# ls
CFGMGR.log confd.log dhclient.log omar.log sshd.log SYSMGR.log
[root@localhost 50.0.0.1]# cat omar.log 
Jun 9 22:17:27 50.0.0.1 omar: Test
[root@localhost 50.0.0.1]#

From the linux box, you can see that there is a file name omar.log. While in the vManage itself, the command logged the message in /var/log/messages, in the remote server it is logged under omar.log. The file is named after the user who generated this log. In other words, because I logged into vMangage with the user "omar" and generated the log, it was logged to omar.log file.

 

Options with logger

To modify the facility.level parameter, you can use the command logger with the option -p <facility.level>.

From vManage:
OmarsVManage# vshell
OmarsVManage:~$ logger "Test with error and local7" -p local7.err
OmarsVManage:~$ grep "Test with error and local7" /var/log/messages
local7.err: Jun 10 14:02:54 OmarsVManage omar: Test with error and local7
OmarsVManage:~$
From Linux box:
[root@localhost 50.0.0.1]# cat omar.log 
Jun 9 22:17:27 50.0.0.1 omar: Test
Jun 9 22:33:48 50.0.0.1 omar: Test with error and local7
[root@localhost 50.0.0.1]#

 

You can also add a Tag to your log using the -t:

 

From vManage:
OmarsVManage# vshell
OmarsVManage:~$ logger -t [TEST] "Test tag"
OmarsVManage:~$ grep "TEST" /var/log/messages
user.notice: Jun 10 14:23:35 OmarsVManage [TEST]: Test tag
OmarsVManage:~$
From Linux box:
[root@localhost 50.0.0.1]# cat omar.log 
Jun 9 22:17:27 50.0.0.1 omar: Test
Jun 9 22:33:48 50.0.0.1 omar: Test with error and local7
[root@localhost 50.0.0.1]# ls
CFGMGR.log confd.log dhclient.log kernel.log _.log omar.log sshd.log SYSMGR.log
[root@localhost 50.0.0.1]# grep "TEST" ./*
./_.log:Jun 9 22:54:29 50.0.0.1 [TEST]: Test tag
[root@localhost 50.0.0.1]#

Note: Not sure why the log was logged to _.log on the remote server. 

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)