Managing Message Logs; Logging Commands; Performing Fault Management - Enterasys Security Router X-PeditionTM User Manual

Managing Message Logs

Messages produced by the XSR, whether alarms or events, as well as link state changes for critical
ports and a management authentication log, can be routed to various destinations with the
logging command. And by issuing the
while permitting transmission to others.
For normal operation, you should log only HIGH severity alarms which indicate critical events
and those requiring operator intervention. Be aware that the XSR may drop LOW and DEBUG
level alarms if the system is too busy to deliver them. The number of dropped messages is
displayed by the
Be aware that the DEBUG alarm level is used by maintenance personnel only.
The XSR serves the following logging destinations:
• Syslog (to remote Syslog server over the network)
• Console terminal
• Monitor (up to five CLI sessions via Telnet)
• Buffer (in XSR's memory)
• File on CompactFlash card when persistent logging (with respect to power loss) is enabled.
This feature is used especially for the firewall (see
page 16-1 for more information)
• SNMP Trap (async notification by XSR to the SNMP Manager)

Logging Commands

You can log all messages into a particular destination based on the severity level of the message
(high, medium, low and debug) with the
sets that level for all destinations. Also, you can log ACL violations in particular on a per-source
per-ACL group basis with the
Alternatively, you can display the log when it reaches a specified packet threshold with
list log-update-threshold
logging
and show or clear messages in the memory buffer with
clear logging
XSR is powered down.
Refer to Appendix A:
thorough listing of XSR alarms/events and the XSR CLI Reference Guide for command details.

Performing Fault Management

When a software problem causes the XSR's processor to fail, the system captures pertinent data,
produces a Fault Report, and restarts the router automatically. The Fault Report is useful in
diagnosing the problem because it contains the following data relevant to the failure:
• Cause of processor exception
• Time-stamp
• Contents of processor registers
• Operating system status
• Status of tasks, current task (the crashed task)
show logging command.
access-list log
. Generally, you can display your logging configuration with
commands, respectively. Be aware that the entire message history is lost when the
"Alarms/Events, System Limits, and Standard ASCII Table"
no logging command, you can block messages to a site
"Configuring Security on the XSR"
logging command. Note that entering
command and view them every five minutes.
Utilizing the Command Line Interface
logging medium
show logging history
on page A-1 for a
XSR User's Guide 2-23
on
access-
show
and