How to Access the Error Log (current.log) of a SecureStack

  • 1
  • 1
  • Article
  • Updated 5 years ago
  • (Edited)
Article ID: 5487 

Products
SecureStack C3, C2, B3, B2, A2
C5-Series, B5-Series 

Related to
Message Log
Fault Log
Current.log 

Commands
'show logging buffer'
'copy logs/current.log tftp' 

Goals
Access the error log
Extract the current.log file 

Solution
Note: For C3/C2/B3/B2 units running f/w x.02.xx.xxxx or higher, A2 units running f/w 2.01.09.0007 or higher, and all C5/B5 units, this information is most simply extracted by issuing a 'show support' and capturing the cli output. However, consider that earlier versions of this firmware will not necessarily display the full configuration (11433), and the 'show support' display includes only data from the manager unit while not reporting BackTrace diagnostics. So if you have firmware lower than stated here, or have a multi-unit stack, or have resets to diagnose; the original extraction method - as explained below - is the best bet. 

Note that Backtrace data started appearing as of C3 f/w 1.0040, C2 f/w 5.00.28, B3 f/w 1.00.74, B2 f/w 4.00.22, and A2 f/w 1.04.12, released in 2006-2007. However, full implementation is taking awhile to achieve, again making the original extraction method the best bet. 

Here is how to copy and merge the current.log files from all stack units, and TFTP the result off of the SecureStack system as filename 'current.log': 

  1. On the PC where the extracted file will be stored, start a TFTP Server application (such as NetSight's Remote Administration Tools, or the standalone utility located here), and leave it running in the background to facilitate the file transfer.
  2. Ensure that you can ping the SecureStack from the PC. For best results, the SecureStack and PC should belong to the same IP subnet.
  3. Optionally, on the SecureStack's cli (5463), type "dir" to display the configuration files and the current.log file to be extracted.
  4. On the SecureStack's cli, type
        "copy logs/current.log tftp://<PC_ip>/<path>/current.log".
    For example:
    C3(su)->copy logs/current.log tftp://10.20.203.151/C:\tftpboot/current.log
Gathering logs from members
File transfer operation completed successfully.
C3(su)->
The file can then be viewed with a text editor at the specified destination location on the PC, can be stored there or elsewhere, or can be emailed to Enterasys for analysis. 
Note: It is also possible to omit the full file path; for example...
  copy logs/current.log tftp://10.20.203.151/current.log
      ...in which case the file will be placed in the TFTP program's default directory. 

On the C2 with firmware 3.00.52 and higher, and on the other SecureStack models with any firmware version, this operation will return a composite log file for an entire stack. An abbreviated example follows, to illustrate the organization of such a file.
 Member Log - Unit 1

<134> JAN 26 06:42:26 STK1 BOOT[268434944]: sysapi.c(1268) 1 %%
Configuration file fastpath.cfg size is 0 (zero) bytes

. . .

Next Entry Here
Member Log - Unit 2

<134> JAN 24 10:50:49 STK1 BOOT[268434944]: sysapi.c(1268) 1 %%
Configuration file fastpath.cfg size is 0 (zero) bytes

. . .

Next Entry Here
Manager Log - Unit 3

<134> JAN 19 05:25:17 STK1 BOOT[268434944]: sysapi.c(1295) 1 %%
Configuration file on disk size 1086200 is less than expected size 1319967.

. . .

Next Entry Here
The "<number> %%" string within any given message indicates where the message is logged in terms of log capacity for that unit. In this example, "1 %%" means that the message is at the .1% of log capacity point, "994 %%" would mean that the message is at the 99.4% log capacity point, and numbers exceeding 1000 would mean that the message is logged after having wrapped past the end of the physical log at least once. 

For such "filled" logs, a 'dir' output indicates a current.log file size of about 256000 bytes for that unit, and the log is not apparently recording new events. However, since the log file is now in a state whereby by design current message logging has "rolled over" to overwrite the oldest messages archived, current messaging will not be evident unless the user reviews the log to locate the current end-of-thread for that unit. End-of-thread and end-of-file are each designated by a "Next Entry Here" label, so for each unit you will see either one (log has not wrapped) or two (log has wrapped) of them. 

It is intended that the current.log never be cleared, so that diagnostics will always be available.
Photo of FAQ User

FAQ User, Official Rep

  • 13,620 Points 10k badge 2x thumb

Posted 5 years ago

  • 1
  • 1

There are no replies.

This conversation is no longer open for comments or replies.