Using Syslog; Using Fibre Channel Span - Cisco MDS 9000 Series Troubleshooting Manual

Using Cisco MDS 9000 Family Tools
S e n d c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m .
Authorization refers to the scope of access that you have once you have been authenticated. With Cisco
MDS 9000 Family switches, assigned roles for users can be stored in a RADIUS server along with a list
of actual devices that the user should have access to. Once the user has been authenticated, then switch
can then refer to the RADIUS server to determine the extent of access the user will have within the
switch network.
Accounting refers to the log information that is kept for each management session in a switch. This
information may be used to generate reports for troubleshooting purposes and user accountability.
Accounting can be implemented locally or remotely (using RADIUS).
The following is an example of an accounting log entries.
switch# show accounting log
Sun Dec 15 04:02:27 2002:start:/dev/pts/0_1039924947:admin
Sun Dec 15 04:02:28 2002:stop:/dev/pts/0_1039924947:admin:vsh exited normally
Sun Dec 15 04:02:33 2002:start:/dev/pts/0_1039924953:admin
Sun Dec 15 04:02:34 2002:stop:/dev/pts/0_1039924953:admin:vsh exited normally
Sun Dec 15 05:02:08 2002:start:snmp_1039928528_172.22.95.167:public
Sun Dec 15 05:02:08 2002:update:snmp_1039928528_172.22.95.167:public:Switchname
set to Switch
Note The accounting log only shows the beginning and ending (start and stop) for each session.

Using Syslog

Syslog lets you store a chronological log of system messages locally or sent to a central Syslog server.
Syslog messages can also be sent to the console for immediate use. These messages can vary in detail
depending on the configuration that you choose. Syslog messages are categorized into 7 severity levels
from debug to critical events. You can limit the severity levels that are reported for specific services
within the switch. For example, you may wish only to report debug events for the FSPF service but
record all severity level events for the Zoning service.
A unique feature within the Cisco MDS 9000 Family switches is the ability to send RADIUS accounting
records to the Syslog service. The advantage of this feature is that you can consolidate both types of
messages for easier correlation. For example, when you log into a switch and change an FSPF parameter,
Syslog and RADIUS provide complimentary information that will help you formulate a complete picture
of the event.

Using Fibre Channel SPAN

For more information about configuring SPAN, refer to the Cisco MDS 9000 Family Configuration
Guide.
You can use the Switched Port Analyzer (SPAN) utility to perform detailed troubleshooting or to take a
sample of traffic from a particular application host for proactive monitoring and analysis. This utility is
most helpful when you have a Fibre Channel protocol analyzer available and you are monitoring user
traffic between two FC IDs.
When you have a problem in your storage network that you cannot solve by fixing the device
configuration, you typically need to take a look at the protocol level. You can use debug commands to
look at the control traffic between an end node and a switch. However, when you need to focus on all the
traffic originating from or destined to a particular end node such as a host or a disk, you can use a
protocol analyzer to capture protocol traces.
Cisco MDS 9000 Family Troubleshooting Guide
1-16
Chapter 1 Troubleshooting Overview
OL-5183-02, Cisco MDS SAN-OS Release 1.3