This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Switching & Routing
- ExtremeSwitching (EXOS/Switch Engine)
- Logging Best Practice - NVRAM vs Syslog
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Logging Best Practice - NVRAM vs Syslog
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-18-2023 02:49 AM
Hi Community,
A topic that i think will generate alot of discussion.
What level of logging to implement at the core, dist and edge and does it differ for NVRAM vs a Syslog server?
Solved! Go to Solution.
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-18-2023 05:22 AM
The nvram for logging on EXOS switches is small, and is not what you see in show log, nvram is what you see in show log messages nvram and these are the ones that remain after a reboot.
ideally you should have a centralized syslog server like for example XIQ Site Engine, as normal log entries will vanish after some time or after a reboot.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
yesterday
Some things to consider:
Enable logging of commands excuted in the CLI:
enable cli config-logging
enable cli config-logging expansion
Generic syslogging:
create log filter commandfilter
configure log filter DefaultFilter add exclude events cli.logRemoteCmd
configure log filter DefaultFilter add exclude events cli.logLocalCmd
configure log filter commandfilter add events cli.logLocalCmd
configure log filter commandfilter add events cli.logRemoteCmd
configure syslog add 10.199.0.11:514 vr VR-Default local0
enable log target syslog 10.199.0.11:514 vr VR-Default local0
configure log target syslog 10.199.0.11:514 vr VR-Default local0 filter DefaultFilter severity Debug-Data
configure log target syslog 10.199.0.11:514 vr VR-Default local0 match Any
configure log target syslog 10.199.0.11:514 vr VR-Default local0 format timestamp seconds date Mmm-dd event-name none priority tag-name
configure syslog add 10.199.0.11:514 vr VR-Default local1
enable log target syslog 10.199.0.11:514 vr VR-Default local1
configure log target syslog 10.199.0.11:514 vr VR-Default local1 filter commandfilter severity Debug-Data
configure log target syslog 10.199.0.11:514 vr VR-Default local1 match Any
configure log target syslog 10.199.0.11:514 vr VR-Default local1 format timestamp seconds date Mmm-dd event-name none priority tag-name
Using the above, you can choose to separate command logs and normal logs in different files on the syslog server (selecting on facility local0 or local1 in the example).
I don't think it's worth the effort of separating various tiers in the network when it comes to syslogging. It's easy enough to filter out the host you want to look at when you need the data. If you have lots and lots of switches (hundreds or more), a syslog server needs to have some serious disks performance wise. An old Linux laptop is good for many purposes, but massive syslogging to it's internal 2.5" SATA drive isn't one of them...
The only thing to log to internal memory is the default as it catches boot messages and anything sent to syslog while the network is down. You will rarely need it, but when you do, it may be worth a lot. Remember to set the number of lines to something as high as your platform can handle, ex:
configure log target memory-buffer number-of-messages 20000
Sure, if you're space constrained, you can filter some thing out on various levels, but I haven't bothered with that. "logrotate" does the job of handling files on the Linux server for me.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-18-2023 05:22 AM
The nvram for logging on EXOS switches is small, and is not what you see in show log, nvram is what you see in show log messages nvram and these are the ones that remain after a reboot.
ideally you should have a centralized syslog server like for example XIQ Site Engine, as normal log entries will vanish after some time or after a reboot.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
a week ago
How many messages NVRAM is able to storage, OscarK?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
yesterday - last edited yesterday
Around 200ish, I believe there are some dynamic factors and this is not configurable.
