System Logging Daemon (Syslogd) - Brocade Communications Systems A7533A - Brocade 4Gb SAN Switch Base Reference Manual

Event auditing is a configurable feature, set to off by default. You must enable event auditing by
configuring the syslog daemon to send the events to a configured remote host using the
syslogIpAdd command. You can set up filters to screen out particular classes of events using the
auditCfg command (the classes include zone, security, configuration, firmware, and fabric). The
defined set of Audit messages are sent to the configured remote host in the Audit message format,
so that they are easily distinguishable from other syslog events that might occur in the network. For
details on how to configure event auditing, see
page 4.

System Logging Daemon (syslogd)

The system logging daemon (syslogd) is a process on UNIX, Linux, and some Windows systems that
reads and logs messages as specified by the system administrator.
Fabric OS can be configured to use a UNIX-style syslogd process to forward system events and error
messages to log files on a remote host system. The host system can be running UNIX, Linux, or any
other operating system that supports the standard syslogd functionality. Configuring for syslogd
involves configuring the host, enabling syslogd on the Brocade model, and, optionally, setting the
facility level.
For the Brocade DCX, 24000 and 48000, each CP has a unique error log, depending on which CP
was active when that message was reported. To fully understand message logging on the Brocade
24000 and 48000 you should enable the system logging daemon, because the logs on the host
computer are maintained in a single merged file for both CPs and are in sequential order.
Otherwise, you must examine the error logs in both CPs, particularly for events such as
firmwareDownload or haFailover, for which the active CP changes.
For the Brocade DCX, 24000 and 48000, any security violations that occur through Telnet, HTTP, or
serial connections are not propagated between CPs. Security violations on the active CP are not
propagated to the standby CP counters in the event of a failover, nor do security violations on the
standby CP get propagated to the active CP counters.
For information on configuring syslogd functionality, refer to the Fabric OS Administrator's Guide.
Fabric OS Message Reference
53-1001157-01
•
FCIP-related messages: FCIP 1002 and 1003
•
FICU-related messages: FICU 1011 and 1012
•
FW-related messages: FW - 3001
•
HTTP configuration messages: HTTP-1002, 1003
•
IPAD-related messages: IPAD 1002
•
PORT related messages: PORT 1006 - 1009
•
SNMP-related messages: SNMP-1004 - 1006
•
Security-related messages (SFOS, RADIUS, login/logout, passwords, ACLs): SEC-3001
- 3041, 3044-3051
•
Software upgrade library: SULB-1001 - 1004, 1009 - 1010, 1017 -1018, 1020 - 1021,
1023 - 1024, 1026, 1030-1035, 1037
•
SWCH-related messages: SWCH 1012-1014
•
UCST-related messages: UCST 1021-1024
•
Zoning messages: ZONE-3001 - 3025
Overview of System Messages
"Viewing and Configuring System Message Logs"
1
on
3