Use of "DefaultFilter" and beyound!

  • 0
  • 1
  • Question
  • Updated 3 years ago
  • Answered

Is there any documentation on the use of creating filters, includes and excludes for certain situations or debugging.

For example, what to create for debugging or omitting certain events instead of capturing them all (some examples I see are already on this forum), some given below:

  • OSPF
  • VRRP
  • Excludes for link up / down
  • ....List can go on for ever

The event component list is so extensive its often hard to see the 'wood through the trees', or what combination or specific event you need for what.

Is there a list or guide on its proper use, not just the basics on how to configure filtering?

Many thanks in advance.

Photo of Martin Flammia

Martin Flammia

  • 6,108 Points 5k badge 2x thumb

Posted 3 years ago

  • 0
  • 1
Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,304 Points 10k badge 2x thumb
Hi Martin,

One thing that may be helpful is the command "show log counters <component> occurred". 

This will show all log events that have occurred for a specific component, as well as whether they are included in a log filter. I've attached the output for EAPS from a lab switch below.
* M12U31.1 # show log counters eaps occurred
Component   SubComponent Condition               Severity      Occurred I Ntfd
----------- ------------ ----------------------- ------------- -------- - ----
EAPS                     DebugData               Debug-Data      437187 N    0
EAPS                     DebugSummary            Debug-Summary       72 N    0
EAPS                     Notification            Debug-Summary        1 N    0
EAPS                     StopProcLinkStateChg    Debug-Data           4 N    0
EAPS                     StrtProcLinkStateChg    Debug-Data           4 N    0
EAPS                     SyncTrace               Debug-Verbose        4 N    0

Occurred  : # of times this event has occurred since last clear or reboot
Flags     : (*) Not all applications responded in time with their counters
I(ncluded): Set to Y(es) if one or more targets filter includes this event
Notified  : # of times this event has occurred when 'Included' was Y(es)

This can help track down which events are being triggered, so you can add them to a log filter to be sent to a syslog server, for example.

If you create a new log filter, it should have no events added to it, so you can just add the events you want to include.

There is also the EXOS EMS Message Catalog, which includes information regarding specific log events.


-Brandon
Photo of Martin Flammia

Martin Flammia

  • 6,108 Points 5k badge 2x thumb

Thanks for responding Brandon, the information is really useful. By the way, whereabouts would I get information like the 'EMS Message Catalog' as I can't seem to find anything like that through my partner login?

Have some additional questions around this though. When looking though this forum there is an example of some events that can be enabled when debugging OSPF:

 https://community.extremenetworks.com/extreme/topics/how_to_debug_an_ospf_adjacency_problem

Of which I repeat below:

configure log filter "DefaultFilter" add events ospf.event severity debug-summaryconfigure log filter "DefaultFilter" add events ospf.neighbor severity debug-summary
configure log filter "DefaultFilter" add events "ospf.hello.PktInv"
configure log filter "DefaultFilter" add events "ospf.lsa.PktInv
configure log filter "DefaultFilter" add events "ospf.lsa.LSUpdtPktInv"
configure log filter "DefaultFilter" add events "ospf.lsa.DropLenInv"
configure log filter "DefaultFilter" add events "ospf.lsa.CksumInv"

Which it also details where the general 'debug' command hasn't given what you might expect:

 VoIP-MDF-Extreme_V670.2 # debug ospf ?
  show            Show
* VoIP-MDF-Extreme_V670.2 # debug ospf show ?
  epm             Display licence information from epm
* VoIP-MDF-Extreme_V670.2 # debug ospf show epm
Effective license: 2
Switch license:    2
Features:    edgemode,
* VoIP-MDF-Extreme_V670.3 #

So I was generally after something that would give you this level of detail, like if I wanted to debug OSPF (as given above), VRRP, bootprelay, Spanning-tree etc.

My problem is as the catalog details, it has a very extensive events list (which is great) but is so vast that it might be difficult to know what events to use for what.

Might be missing the point and its general practice that you would just work with the default filter and say enable debug-data etc.

Would be useful just to use the debug command with the event/s that your interested, but I assume you can just create a custom filter to say the console?

Photo of Brandon Clay

Brandon Clay, Escalation Support Engineer

  • 13,304 Points 10k badge 2x thumb
The EMS Message Catalog is available on our documentation page.

The debug commands in EXOS are different from what you may expect from a Cisco perspective. These do not enable any additional logging, but are simply additional commands added for use by Engineering for development.

Generally, the best way to get more detailed logging for debugging certain issues is to look at the occurred log counters for that component, and see what is happening that is not included in a log filter and add it.

You can send this to the default filter, or you can create an additional filter and send it to the console or to a syslog server. I've attached a sample config to create a new log filter, add OSPF neighbor and LSA logging, and send it to a syslog server. You could also send this to a CLI session, but generally I would not recommend this, as it can make it difficult to use the CLI, especially with very verbose logging enabled.


create log filter ospf_filter
configure log filter ospf_filter add events ospf.neighbor
configure log filter ospf_filter add events ospf.lsa
configure syslog add 192.0.2.100 local4 
configure log target syslog 192.0.2.100 local4 filter ospf_filter severity debug-verbose
enable log target syslog 192.0.2.100 local4
enable log debug-mode

One more thing to be away of is that any logs with a severity of "debug-data", "debug-summary", or "debug-verbose" will not be generated unless debug logging is configured with the command "enable log debug-mode". Note that this can cause increased CPU utilization.
(Edited)
Photo of Martin Flammia

Martin Flammia

  • 6,108 Points 5k badge 2x thumb
That's brilliant. Thanks for the response Brandon.