SNMP - Netsight - EXOS - Configuration

  • 0
  • 1
  • Question
  • Updated 3 years ago

Hi,

Have a bunch of questions surrounding configuring SNMP in EXOS in Netsight, and is an extention of the following thread:

https://community.extremenetworks.com/extreme/topics/mixed-legacy-enterasys-s-k-n-c-and-extreme-syslogging-in-netsight

1st Question:

Should I set the severity to Debug-Data as the answer in the above thread implies. This leads to the question:

The three severity levels for extended debugging—Debug-Summary, Debug-Verbose, and Debug-Data—require that log debug mode be enabled (which may cause a performance degradation).

So just checking its safe to use the debug-data severity with debug mode enabled on all switchs?

My assumption is that for general syslogging you would just use a severity of 'info' and just use this as a temporary measure?

2nd Question:

What should the format be in the target command as per example configuration below, in order for Netsight to format the information correctly when using the default Netsight Syslog pattern:

 configure syslog add 10.58.195.5:514 vr VR-Mgmt local0
 enable log target syslog 10.58.196.5:514 vr VR-Mgmt local0
 configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 filter DefaultFilter severity Debug-Data
 configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 match Any
 configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 format timestamp seconds date Mmm-dd event-name none priority tag-name

3rd Question:

Currently have the configuration set as above but with the severity set to notify, but in Netsight the logging entries are being serialised into a single entry separated by <xxx>, where xxx is a number. The serialisation can be a string of different messages at different times and of varying lengths.

This is proving an issue because you are unable to identify the different log entries when there grouped together instead of one per line.

Many thanks in advance.

Photo of Martin Flammia

Martin Flammia

  • 6,210 Points 5k badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Bill Stritzinger

Bill Stritzinger, Alum

  • 6,036 Points 5k badge 2x thumb
Hi Martin...

As to the following...

1. You are correct that using debug mode enabled might have a performance impact depending on the hardware platform you are using so I guess the answer it depends.  As to normal practice, unless you are looking for specific things it is suggested not to have debug mode turned on.

2. You are the third person this week to ask that question to me and on this forum, answer is I dont know but it is on my list to find out.  I plan on preparing a document that you can reference for the syslog as well as suggestions for adding SNMP on XOS for Netsight (you mentioned SNMP above so I thought I would mention that too..)

I will let you know when I have that completed.

Bill
Photo of Martin Flammia

Martin Flammia

  • 6,210 Points 5k badge 2x thumb

Hi Bill, thanks for getting back to me.....

Little more info if it helps. As an example of the serialisation that you see in Netsight syslogs:

10.10.89.249 21 22:50:25 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63450 %% Fan 2 has failed.  <162>Apr 16 07:19:14 10.10.89.249 10.10.89.249 21 22:50:29 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63451 %% Fan 2 has failed.  <162>Apr 16 07:19:40 10.10.89.249 10.10.89.249 21 22:50:55 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63452 %% Fan 2 has failed.  <165>Apr 16 06:19:52 10.10.39.253 10.10.39.253 VIOLATION: port fe.4.7 DOWN - 1 in 60 seconds

This is happening across platforms and firmware versions, and could possibly be due to upgrading to Netsight 6.2.0.199.

Some of the Hardware and Firmware that this is happening on is:

A2H123-14 - 03.03.02.002

C3k172-24 - 06.61.08.0013

EXOS Stack - 15.6.2.12

Photo of Martin Flammia

Martin Flammia

  • 6,210 Points 5k badge 2x thumb

The tile mentions SNMP - should have said syslog, not sure if that can be changed?

Anyhow, thought I would share some brief notes I've created on configuring SNMP in case anyone else comes to this ticket looking for an answer.

Below are the commands to disable / enable the various default groups / users / and communities.

[Enable / disable] snmp access snmpv3
[Enable / disable] snmp access snmp-v1v2c
[Enable / disable] snmp community public / private
[Enable / disable] snmpv3 default-group
[Enable / disable] snmpv3 default-user 

This is what you need to configure a custom read-only SNMPv2 – you can customise the read and notify views (as per further on) the ‘defaultUserView’ is in the switch config by default to get you going.

configure snmpv3 add access V2_User sec-model snmpv2c sec-level noauth read-view "defaultUserView" notify-view "defaultNotifyView"
configure snmpv3 add group V2_Group user V2_ReadOnly sec-model snmpv2c
configure snmpv3 add community "private_name" name "private_name" user "V2_User"
configure snmpv3 add target-params "Filter-Name1" user "V2_User" mp-model snmpv2c sec-model snmpv2c sec-level noauth
configure snmpv3 add mib-view "defaultUserView" subtree 1.0/80 type included

This Is what you need to configure SNMPv3  - you can customise the read, write and notify views (as per further on) the ‘defaultUserView’ is in the switch config by default to get you going.

configure snmpv3 add user V3_User authentication md5 xxxxxxx privacy xxxxxxx
configure snmpv3 add group V3_Group user V3_User sec-model usm
configure snmpv3 add mib-view "AllMib" subtree 1.0/80 type included
configure snmpv3 add access V3_Group sec-model usm sec-level priv read-view "AllMib" write-view "AllMib" notify-view "AllMib"

This is where you configure the SNMP targets and if they are to be in the form of Traps or Informs. This can be customised of which some detail is given further on.

configure snmpv3 add target-addr "Name1" param "Filter-Name1" ipaddress xxx.xxx.xxx.xxx 
configure snmpv3 add target-addr "Name2" param "Filter-Name2" ipaddress xxx.xxx.xxx.xxx
configure snmpv3 add target-params "Filter-Name1" user "V3_user" mp-model snmpv3 sec-model usm sec-level priv
configure snmpv3 add target-params "Filter-Name2" user "V2_User" mp-model snmpv2c sec-model snmpv2c sec-level noauth

This is how you can customise the 'defaultUserView', of which the below omits the ability for the 'private_name' to query SNMP users and accounts.

configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.16 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.18 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.4 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.6 type excluded
configure snmpv3 add mib-view "defaultUserView" subtree 1.3.6.1.6.3.15.1.2.2.1.9 type excluded
configure snmpv3 add mib-view "defaultNotifyView" subtree 1.0 type included

When you us the command:

configure snmpv3 add target-addr "Name1" param "Filter-Name1" ipaddress xxx.xxx.xxx.xxx

If you then do a ‘show config snmp’ you will see the command now looks like this:

configure snmpv3 add target-addr "Name1" param "Filter-Name1" ipaddress xxx.xxx.xxx.xxx transport-port 162 tag-list "defaultNotify
"

The part transport-port 162 tag-list "defaultNotify" is appended to the end by default, which is the default port and notify as shown below:

Notify Name     : defaultNotify
Tag             : defaultNotify
Type            : Trap
Storage Type    : NonVolatile
Row Status      : Active


Total num. of entries in snmpNotifyTable : 2

You can create a new one with the command

configure snmpv3 add notify AllMib tag AllMib type inform

Of which the output is now:

Slot-1 # show snmpv3 notify

 
Notify Name     : AllMib
Tag             : AllMib
Type            : Inform
Storage Type    : NonVolatile
Row Status      : Active


Notify Name     : defaultNotify
Tag             : defaultNotify
Type            : Trap
Storage Type    : NonVolatile
Row Status      : Active

Total num. of entries in snmpNotifyTable : 2


(Edited)
Photo of Martin Flammia

Martin Flammia

  • 6,210 Points 5k badge 2x thumb

Here is a capture of the event log on Netsight, in respect of the serialisation of logs. Wonder if the first line where - For input string: "<165" - is the problem, as its not recognising the format?


015-04-16 13:37:30,107 DEBUG [com.enterasys.netsight.api.eventlog.EventCustomParser] java.lang.NumberFormatException: For input string: "<165"

2015-04-16 13:37:30,108 DEBUG [com.enterasys.netsight.api.eventlog.EventEntry] new event entry id generated: 16324

2015-04-16 13:37:30,534 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Config Upload Failed does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,534 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Core Uplink Down Alarm is not in the device group for the event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,534 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: GroupIDs = 8 Event Device ID =  10.10.10.10

2015-04-16 13:37:30,534 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Device Up does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Device Down does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Power supply failed does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Appliance Up does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Appliance Down does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Threat Inactive does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Threat Active does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Fan Failure does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm AP Radio Change does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC License Violation does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Assessment License Violation Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm AP Radio OnOff does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC License Violation Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Rogue Inactive does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Database Backup Disk Usage does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Appliance Disk Usage does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Assessment License Violation does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm AC Power Lost does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm AC Power Recovered does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm IPMI Event does not match type for event with message: 10.10.10.10 NOTICE: p ort fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Rogue Active does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with Switch does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with Switch Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Drive Fault does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Drive Fault Recovered does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with RADIUS Server does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with RADIUS Server Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Partial Contact with Switch does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Partial Contact with Switch Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RFC 3576 Error Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RFC 3576 Error does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Database Table Service is up does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Database Table Service down does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with LDAP Service Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with LDAP Service does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Partial Contact with LDAP Service Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Partial Contact with LDAP Service does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RADIUS Requests Warning Threshold Rectified does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RADIUS Requests Warning Threshold Exceeded does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RADIUS Requests Critical Threshold Rectified does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RADIUS Requests Critical Threshold Exceeded does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Severity = true Category = true Type = true

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Event = true LogManager = false Subnet = true

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Phrase = false

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Matches = false for event with message =10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkByCustomCriteria: Alarm AP In Service not enabled for event with message 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkByCustomCriteria: Alarm AP Out of Service not enabled for event with message 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Severity = true Category = true Type = true

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Event = true LogManager = false Subnet = true

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Phrase = false

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Matches = false for event with message =10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkByCustomCriteria: Alarm EMAIL TEST not enabled for event with message 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Severity = true Category = true Type = true

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Event = true LogManager = false Subnet = true

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Phrase = false

The last 5 lines repeat almost continually?

Photo of Thomas, Frank

Thomas, Frank, Employee

  • 1,902 Points 1k badge 2x thumb
In Regards to your second question:
Which Syslog pattern are you using? I can't remember if the Ubuntu one is default

If you hit the config button It'll tell you the pattern it's matching via

This is what I'm using:

configure syslog add  %IP:514 vr VR-Mgmt local7
enable log target syslog  %IP:514 vr VR-Mgmt local7
configure log target syslog  %IP:514 vr VR-Mgmt local7 filterlter severity Debug-Data
configure log target syslog  %IP:514 vr VR-Mgmt local7 match Any
configure log target syslog  %IP:514 vr VR-Mgmt local7 format timestamp seconds date Mmm-dd event-name none severity priority tag-name
Photo of Martin Flammia

Martin Flammia

  • 6,210 Points 5k badge 2x thumb

Hi Frank,

Thanks for getting back to me.

I'm currently using the 'Netsight Syslog Pattern', which is the default one I believe. Problem is that I am running both Enterasys and Extreme. On a previous release of Netsight I could only get Extreme switchs logging with the Syslog pattern of 'Redhat Linux syslog Pattern' and the Enterasys using the 'Netsight Syslog Pattern', but couldn't find anything that would display both correctly.

Since upgrading to Netsight 6.2.0.199, I can now correctly see syslogging for both Enterasys and Extreme using the 'Netsight Syslog Pattern'.

Problem I have now is logs are showing serialised data separated by a <xx>, regardless of whether it is Enterasys or Extreme.

It seems to me that Netsight is struggling with delaminating the logs separated by <xx>, with the following message:

015-04-16 13:37:30,107 DEBUG [com.enterasys.netsight.api.eventlog.EventCustomParser] java.lang.NumberFormatException: For input string: "<165"

Could be wrong, could be a bug, a setting or configuration - hence why I have asked all three questions so I can get a definitive answer as to what truly should be configured / set - pity Netsight can't configure syslog from Console like you can on the Enterasys switchs, least you know what the definitive configuration should be!

Question I have for you looking at your configuration is that I notice you have your severity set to 'Debug-Data', do you have 'enable log debug-mode' configured?

I ask as it was one of my questions and I keep getting conflicting answers to it:

  • Should I use severity 'Debug-Data'?
  • In order to use it I have to configure 'enable log debug-mode'?
  • Config guide says this "may cause a performance degradation"?

My theory was I would only use a severity of 'Debug-Date' as a last resort for debugging?

Many thanks.

Photo of Martin Flammia

Martin Flammia

  • 6,210 Points 5k badge 2x thumb

Ok, so finally sussed out what looks like the serialisation of the logs (Question 3) ....

The Syslog Pattern being used by default is the 'Netsight Syslog Pattern', which is as follows:

 <%pri%>%month%\w%day%\w%time%\w%ip%\w%info%

So the delimiter I was talking about <xx>, is actually the priority as given in the pattern above as <%pri%>.

So the logging is working I suspect as designed, in that when you get a single long log the message is displayed and separated by the priority, so the example given in this thread and below is presented in Netsight syslog as:

10.10.89.249 21 22:50:25 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63450 %% Fan 2 has failed.  < 162>Apr 16 07:19:14 10.10.89.249 10.10.89.249 21 22:50:29 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63451 %% Fan 2 has failed.  <162>Apr 16 07:19:40 10.10.89.249 10.10.89.249 21 22:50:55 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63452 %% Fan 2 has failed.  <165>Apr 16 06:19:52 10.10.39.253 10.10.39.253 VIOLATION: port fe.4.7 DOWN - 1 in 60 seconds

Just for information I created a new pattern by just appending the above default pattern with <%pri%>%/event%, so the first message displays in the information (no extras) and the severity column displays correctly and the additional messages appear in the 'events' column.

<%pri%>%month%\w%day%\w%time%\w%ip%\w%info%<%pri%>%/event%

(Edited)