https://community.extremenetworks.com/t5/faqs/how-to-access-the-error-log-current-log-of-a-securestack/m-p/51029#M693 Article ID: 5487 <BR /> <BR /> <B>Products</B><BR /> SecureStack C3, C2, B3, B2, A2<BR /> C5-Series, B5-Series <BR /> <BR /> <B>Related to</B><BR /> Message Log<BR /> Fault Log<BR /> Current.log <BR /> <BR /> <B>Commands</B><BR /> 'show logging buffer'<BR /> 'copy logs/current.log tftp' <BR /> <BR /> <B>Goals</B><BR /> Access the error log<BR /> Extract the current.log file <BR /> <BR /> <B>Solution</B><BR /> <U>Note</U>: For C3/C2/B3/B2 units running f/w x.02.xx.xxxx or higher, A2 units running f/w 2.01.09.0007 or higher, and all C5/B5 units, this information is most simply extracted by issuing a 'show support' and capturing the cli output. However, consider that earlier versions of this firmware will not necessarily display the full configuration (<A href="http://bit.ly/WF7Gd9" target="_blank" rel="nofollow noreferrer noopener">11433</A>), and the 'show support' display includes only data from the manager unit while <I>not</I> reporting BackTrace diagnostics. So if you have firmware lower than stated here, or have a multi-unit stack, or have resets to diagnose; the original extraction method - as explained below - is the best bet. <BR /> <BR /> Note that Backtrace data started appearing as of C3 f/w 1.0040, C2 f/w 5.00.28, B3 f/w 1.00.74, B2 f/w 4.00.22, and A2 f/w 1.04.12, released in 2006-2007. However, full implementation is taking awhile to achieve, again making the original extraction method the best bet. <BR /> <BR /> Here is how to copy and merge the current.log files from all stack units, and TFTP the result off of the SecureStack system as filename 'current.log': <BR /> <BR /> <OL> <LI>On the PC where the extracted file will be stored, start a TFTP Server application (such as NetSight's Remote Administration Tools, or the standalone utility located <A href="https://extremenetworks.box.com/shared/static/5i1mveojni1vygf2bxjb.zip" target="_blank" rel="nofollow noreferrer noopener">here</A>), and leave it running in the background to facilitate the file transfer. </LI><LI>Ensure that you can ping the SecureStack from the PC. For best results, the SecureStack and PC should belong to the same IP subnet. </LI><LI>Optionally, on the SecureStack's cli (<A href="http://bit.ly/1nz0mHs" target="_blank" rel="nofollow noreferrer noopener">5463</A>), type "<B>dir</B>" to display the configuration files and the current.log file to be extracted. </LI><LI>On the SecureStack's cli, type</LI></OL><UL><UL> "<B>copy logs/current.log tftp<I></I>://&lt;<I>PC_ip</I>&gt;/&lt;<I>path</I>&gt;/current.log</B>".</UL>For example: C3(su)-&gt;copy logs/current.log tftp<I></I>://10.20.203.151/C:\tftpboot/current.log<BR /> Gathering logs from members<BR /> File transfer operation completed successfully.<BR /> C3(su)-&gt;</UL>The file can then be viewed with a text editor at the specified destination location on the PC, can be stored there or elsewhere, or can be emailed to Enterasys for analysis. <BR /> Note: It is also possible to omit the full file path; for example...<BR /> <B>copy logs/current.log tftp<I></I>://10.20.203.151/current.log</B><BR /> ...in which case the file will be placed in the TFTP program's default directory. <BR /> <BR /> On the C2 with firmware 3.00.52 and higher, and on the other SecureStack models with any firmware version, this operation will return a composite log file for an entire stack. An abbreviated example follows, to illustrate the organization of such a file. Member Log - Unit 1<BR /> <BR /> &lt;134&gt; JAN 26 06:42:26 STK1 BOOT[268434944]: sysapi.c(1268) 1 %%<BR /> Configuration file fastpath.cfg size is 0 (zero) bytes<BR /> <BR /> . . .<BR /> <BR /> Next Entry Here<BR /> Member Log - Unit 2<BR /> <BR /> &lt;134&gt; JAN 24 10:50:49 STK1 BOOT[268434944]: sysapi.c(1268) 1 %%<BR /> Configuration file fastpath.cfg size is 0 (zero) bytes<BR /> <BR /> . . .<BR /> <BR /> Next Entry Here<BR /> Manager Log - Unit 3<BR /> <BR /> &lt;134&gt; JAN 19 05:25:17 STK1 BOOT[268434944]: sysapi.c(1295) 1 %%<BR /> Configuration file on disk size 1086200 is less than expected size 1319967. <BR /> <BR /> . . .<BR /> <BR /> Next Entry HereThe "&lt;<I>number</I>&gt; %%" string within any given message indicates where the message is logged in terms of log capacity <I>for that unit</I>. In this example, "1 %%" means that the message is at the .1% of log capacity point, "994 %%" would mean that the message is at the 99.4% log capacity point, and numbers exceeding 1000 would mean that the message is logged after having wrapped past the end of the physical log at least once. <BR /> <BR /> For such "filled" logs, a 'dir' output indicates a current.log file size of about 256000 bytes for that unit, and the log is not <I>apparently</I> recording new events. However, since the log file is now in a state whereby by design current message logging has "rolled over" to overwrite the oldest messages archived, current messaging will not be evident unless the user reviews the log to locate the current end-of-thread for that unit. End-of-thread and end-of-file are each designated by a "Next Entry Here" label, so for each unit you will see either one (log has not wrapped) or two (log has wrapped) of them. <BR /> <BR /> It is intended that the current.log never be cleared, so that diagnostics will always be available. Thu, 05 Sep 2013 06:01:00 GMT FAQ_User 2013-09-05T06:01:00Z https://community.extremenetworks.com/t5/faqs/how-to-access-the-error-log-current-log-of-a-securestack/m-p/51029#M693 Article ID: 5487 <BR /> <BR /> <B>Products</B><BR /> SecureStack C3, C2, B3, B2, A2<BR /> C5-Series, B5-Series <BR /> <BR /> <B>Related to</B><BR /> Message Log<BR /> Fault Log<BR /> Current.log <BR /> <BR /> <B>Commands</B><BR /> 'show logging buffer'<BR /> 'copy logs/current.log tftp' <BR /> <BR /> <B>Goals</B><BR /> Access the error log<BR /> Extract the current.log file <BR /> <BR /> <B>Solution</B><BR /> <U>Note</U>: For C3/C2/B3/B2 units running f/w x.02.xx.xxxx or higher, A2 units running f/w 2.01.09.0007 or higher, and all C5/B5 units, this information is most simply extracted by issuing a 'show support' and capturing the cli output. However, consider that earlier versions of this firmware will not necessarily display the full configuration (<A href="http://bit.ly/WF7Gd9" target="_blank" rel="nofollow noreferrer noopener">11433</A>), and the 'show support' display includes only data from the manager unit while <I>not</I> reporting BackTrace diagnostics. So if you have firmware lower than stated here, or have a multi-unit stack, or have resets to diagnose; the original extraction method - as explained below - is the best bet. <BR /> <BR /> Note that Backtrace data started appearing as of C3 f/w 1.0040, C2 f/w 5.00.28, B3 f/w 1.00.74, B2 f/w 4.00.22, and A2 f/w 1.04.12, released in 2006-2007. However, full implementation is taking awhile to achieve, again making the original extraction method the best bet. <BR /> <BR /> Here is how to copy and merge the current.log files from all stack units, and TFTP the result off of the SecureStack system as filename 'current.log': <BR /> <BR /> <OL> <LI>On the PC where the extracted file will be stored, start a TFTP Server application (such as NetSight's Remote Administration Tools, or the standalone utility located <A href="https://extremenetworks.box.com/shared/static/5i1mveojni1vygf2bxjb.zip" target="_blank" rel="nofollow noreferrer noopener">here</A>), and leave it running in the background to facilitate the file transfer. </LI><LI>Ensure that you can ping the SecureStack from the PC. For best results, the SecureStack and PC should belong to the same IP subnet. </LI><LI>Optionally, on the SecureStack's cli (<A href="http://bit.ly/1nz0mHs" target="_blank" rel="nofollow noreferrer noopener">5463</A>), type "<B>dir</B>" to display the configuration files and the current.log file to be extracted. </LI><LI>On the SecureStack's cli, type</LI></OL><UL><UL> "<B>copy logs/current.log tftp<I></I>://&lt;<I>PC_ip</I>&gt;/&lt;<I>path</I>&gt;/current.log</B>".</UL>For example: C3(su)-&gt;copy logs/current.log tftp<I></I>://10.20.203.151/C:\tftpboot/current.log<BR /> Gathering logs from members<BR /> File transfer operation completed successfully.<BR /> C3(su)-&gt;</UL>The file can then be viewed with a text editor at the specified destination location on the PC, can be stored there or elsewhere, or can be emailed to Enterasys for analysis. <BR /> Note: It is also possible to omit the full file path; for example...<BR /> <B>copy logs/current.log tftp<I></I>://10.20.203.151/current.log</B><BR /> ...in which case the file will be placed in the TFTP program's default directory. <BR /> <BR /> On the C2 with firmware 3.00.52 and higher, and on the other SecureStack models with any firmware version, this operation will return a composite log file for an entire stack. An abbreviated example follows, to illustrate the organization of such a file. Member Log - Unit 1<BR /> <BR /> &lt;134&gt; JAN 26 06:42:26 STK1 BOOT[268434944]: sysapi.c(1268) 1 %%<BR /> Configuration file fastpath.cfg size is 0 (zero) bytes<BR /> <BR /> . . .<BR /> <BR /> Next Entry Here<BR /> Member Log - Unit 2<BR /> <BR /> &lt;134&gt; JAN 24 10:50:49 STK1 BOOT[268434944]: sysapi.c(1268) 1 %%<BR /> Configuration file fastpath.cfg size is 0 (zero) bytes<BR /> <BR /> . . .<BR /> <BR /> Next Entry Here<BR /> Manager Log - Unit 3<BR /> <BR /> &lt;134&gt; JAN 19 05:25:17 STK1 BOOT[268434944]: sysapi.c(1295) 1 %%<BR /> Configuration file on disk size 1086200 is less than expected size 1319967. <BR /> <BR /> . . .<BR /> <BR /> Next Entry HereThe "&lt;<I>number</I>&gt; %%" string within any given message indicates where the message is logged in terms of log capacity <I>for that unit</I>. In this example, "1 %%" means that the message is at the .1% of log capacity point, "994 %%" would mean that the message is at the 99.4% log capacity point, and numbers exceeding 1000 would mean that the message is logged after having wrapped past the end of the physical log at least once. <BR /> <BR /> For such "filled" logs, a 'dir' output indicates a current.log file size of about 256000 bytes for that unit, and the log is not <I>apparently</I> recording new events. However, since the log file is now in a state whereby by design current message logging has "rolled over" to overwrite the oldest messages archived, current messaging will not be evident unless the user reviews the log to locate the current end-of-thread for that unit. End-of-thread and end-of-file are each designated by a "Next Entry Here" label, so for each unit you will see either one (log has not wrapped) or two (log has wrapped) of them. <BR /> <BR /> It is intended that the current.log never be cleared, so that diagnostics will always be available. Thu, 05 Sep 2013 06:01:00 GMT https://community.extremenetworks.com/t5/faqs/how-to-access-the-error-log-current-log-of-a-securestack/m-p/51029#M693 FAQ_User 2013-09-05T06:01:00Z