cancel
Showing results for 
Search instead for 
Did you mean: 

SNMP - Netsight - EXOS - Configuration

SNMP - Netsight - EXOS - Configuration

Anonymous
Not applicable
Hi,

Have a bunch of questions surrounding configuring SNMP in EXOS in Netsight, and is an extention of the following thread:

https://community.extremenetworks.com/extreme/topics/mixed-legacy-enterasys-s-k-n-c-and-extreme-sysl...

1st Question:

Should I set the severity to Debug-Data as the answer in the above thread implies. This leads to the question:

The three severity levels for extended debugging—Debug-Summary, Debug-Verbose, and Debug-Data—require that log debug mode be enabled (which may cause a performance degradation).

So just checking its safe to use the debug-data severity with debug mode enabled on all switchs?

My assumption is that for general syslogging you would just use a severity of 'info' and just use this as a temporary measure?

2nd Question:

What should the format be in the target command as per example configuration below, in order for Netsight to format the information correctly when using the default Netsight Syslog pattern:

configure syslog add 10.58.195.5:514 vr VR-Mgmt local0
enable log target syslog 10.58.196.5:514 vr VR-Mgmt local0
configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 filter DefaultFilter severity Debug-Data
configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 match Any
configure log target syslog 10.58.196.5:514 vr VR-Mgmt local0 format timestamp seconds date Mmm-dd event-name none priority tag-name

3rd Question:

Currently have the configuration set as above but with the severity set to notify, but in Netsight the logging entries are being serialised into a single entry separated by , where xxx is a number. The serialisation can be a string of different messages at different times and of varying lengths.

This is proving an issue because you are unable to identify the different log entries when there grouped together instead of one per line.

Many thanks in advance.

7 REPLIES 7

Anonymous
Not applicable
Ok, so finally sussed out what looks like the serialisation of the logs (Question 3) ....

The Syslog Pattern being used by default is the 'Netsight Syslog Pattern', which is as follows:

<%pri%>%month%\w%day%\w%time%\w%ip%\w%info%

So the delimiter I was talking about , is actually the priority as given in the pattern above as <%pri%>.

So the logging is working I suspect as designed, in that when you get a single long log the message is displayed and separated by the priority, so the example given in this thread and below is presented in Netsight syslog as:

10.10.89.249 21 22:50:25 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63450 %% Fan 2 has failed. < 162>Apr 16 07:19:14 10.10.89.249 10.10.89.249 21 22:50:29 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63451 %% Fan 2 has failed. <162>Apr 16 07:19:40 10.10.89.249 10.10.89.249 21 22:50:55 10.10.89.249-1 SIM[107539288]: hwutils.c(2128) 63452 %% Fan 2 has failed. <165>Apr 16 06:19:52 10.10.39.253 10.10.39.253 VIOLATION: port fe.4.7 DOWN - 1 in 60 seconds

Just for information I created a new pattern by just appending the above default pattern with <%pri%>%/event%, so the first message displays in the information (no extras) and the severity column displays correctly and the additional messages appear in the 'events' column.

<%pri%>%month%\w%day%\w%time%\w%ip%\w%info%<%pri%>%/event%

Anonymous
Not applicable
Hi Frank,

Thanks for getting back to me.

I'm currently using the 'Netsight Syslog Pattern', which is the default one I believe. Problem is that I am running both Enterasys and Extreme. On a previous release of Netsight I could only get Extreme switchs logging with the Syslog pattern of 'Redhat Linux syslog Pattern' and the Enterasys using the 'Netsight Syslog Pattern', but couldn't find anything that would display both correctly.

Since upgrading to Netsight 6.2.0.199, I can now correctly see syslogging for both Enterasys and Extreme using the 'Netsight Syslog Pattern'.

Problem I have now is logs are showing serialised data separated by a , regardless of whether it is Enterasys or Extreme.

It seems to me that Netsight is struggling with delaminating the logs separated by , with the following message:

015-04-16 13:37:30,107 DEBUG [com.enterasys.netsight.api.eventlog.EventCustomParser] java.lang.NumberFormatException: For input string: "<165"

Could be wrong, could be a bug, a setting or configuration - hence why I have asked all three questions so I can get a definitive answer as to what truly should be configured / set - pity Netsight can't configure syslog from Console like you can on the Enterasys switchs, least you know what the definitive configuration should be!

Question I have for you looking at your configuration is that I notice you have your severity set to 'Debug-Data', do you have 'enable log debug-mode' configured?

I ask as it was one of my questions and I keep getting conflicting answers to it:

  • Should I use severity 'Debug-Data'?
  • In order to use it I have to configure 'enable log debug-mode'?
  • Config guide says this "may cause a performance degradation"?
My theory was I would only use a severity of 'Debug-Date' as a last resort for debugging?

Many thanks.

Frank_Thomas
Extreme Employee
In Regards to your second question:
Which Syslog pattern are you using? I can't remember if the Ubuntu one is default

2ea497267b434bfda57dbf86c4ac7cfe_RackMultipart20150416-16915-1iwudx8-syslogconfig_inline.png



If you hit the config button It'll tell you the pattern it's matching via

2ea497267b434bfda57dbf86c4ac7cfe_RackMultipart20150416-3430-dotwr4-syslogconfig2_inline.png



This is what I'm using:

configure syslog add %IP:514 vr VR-Mgmt local7
enable log target syslog %IP:514 vr VR-Mgmt local7
configure log target syslog %IP:514 vr VR-Mgmt local7 filterlter severity Debug-Data
configure log target syslog %IP:514 vr VR-Mgmt local7 match Any
configure log target syslog %IP:514 vr VR-Mgmt local7 format timestamp seconds date Mmm-dd event-name none severity priority tag-name

Anonymous
Not applicable
Here is a capture of the event log on Netsight, in respect of the serialisation of logs. Wonder if the first line where - For input string: "<165" - is the problem, as its not recognising the format?

015-04-16 13:37:30,107 DEBUG [com.enterasys.netsight.api.eventlog.EventCustomParser] java.lang.NumberFormatException: For input string: "<165"

2015-04-16 13:37:30,108 DEBUG [com.enterasys.netsight.api.eventlog.EventEntry] new event entry id generated: 16324

2015-04-16 13:37:30,534 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Config Upload Failed does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,534 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Core Uplink Down Alarm is not in the device group for the event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,534 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: GroupIDs = 8 Event Device ID = 10.10.10.10

2015-04-16 13:37:30,534 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Device Up does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Device Down does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Power supply failed does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Appliance Up does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Appliance Down does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,535 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Threat Inactive does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Threat Active does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Fan Failure does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm AP Radio Change does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC License Violation does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Assessment License Violation Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm AP Radio OnOff does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC License Violation Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Rogue Inactive does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Database Backup Disk Usage does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Appliance Disk Usage does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Assessment License Violation does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm AC Power Lost does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm AC Power Recovered does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm IPMI Event does not match type for event with message: 10.10.10.10 NOTICE: p ort fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Rogue Active does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with Switch does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with Switch Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,536 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Drive Fault does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm Drive Fault Recovered does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with RADIUS Server does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with RADIUS Server Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Partial Contact with Switch does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Partial Contact with Switch Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RFC 3576 Error Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RFC 3576 Error does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Database Table Service is up does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Database Table Service down does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with LDAP Service Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,537 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Contact with LDAP Service does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Partial Contact with LDAP Service Clear does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC Lost Partial Contact with LDAP Service does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RADIUS Requests Warning Threshold Rectified does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RADIUS Requests Warning Threshold Exceeded does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RADIUS Requests Critical Threshold Rectified does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkBySeverity: Alarm NAC RADIUS Requests Critical Threshold Exceeded does not match type for event with message: 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Severity = true Category = true Type = true

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Event = true LogManager = false Subnet = true

2015-04-16 13:37:30,538 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Phrase = false

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Matches = false for event with message =10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkByCustomCriteria: Alarm AP In Service not enabled for event with message 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkByCustomCriteria: Alarm AP Out of Service not enabled for event with message 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Severity = true Category = true Type = true

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Event = true LogManager = false Subnet = true

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Phrase = false

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Matches = false for event with message =10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.server.eventlog.EventAlarmManager] checkByCustomCriteria: Alarm EMAIL TEST not enabled for event with message 10.10.10.10 NOTICE: port fe.6.20 UP

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Severity = true Category = true Type = true

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Event = true LogManager = false Subnet = true

2015-04-16 13:37:30,539 DEBUG [com.enterasys.netsight.api.eventlog.EventAlarmDef] matchEventEntry: Phrase = false

The last 5 lines repeat almost continually?

GTM-P2G8KFN