Example for Outputting Information to a Syslog Server

Logs of different modules and severities can be output to different syslog servers for information backup.

Networking Requirements

A Device generates plenty of information during operations. The storage space of the Device, however, is limited. Therefore, outputting the information to a syslog server is applicable. A syslog server can store and interpret the operation information of multiple Devices.

As shown in Figure 1, a Device is connected to four syslog servers.

  • The Device sends the logs with the severity of notification and being generated by HWTACACS and IM modules to syslog server 1. Syslog server 3 is the backup of syslog server 1.
  • The Device sends the logs with the severity of warning and being generated by PP4 and AAA modules to syslog server 2. Syslog server 4 is the backup of syslog server 2.

Configuration must be performed on both the Device and the syslog server.

In this example, logs are output to a syslog server.

Figure 1 Outputting information to a syslog server

Interface 1 in this example represents GE 0/1/0.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Enable the information management function.

  2. Name the information channel.

  3. Configure the channel through which information is output, the module of which log information is to be output, and the severity of the information.

  4. Configure the source interface through which information is output to the syslog server.

  5. Output information to a specified syslog server.

  6. Configure the syslog server.

Data Preparation

To complete the configuration, you need the following data:

  • IP address of the syslog server

  • Information channel number

  • Name of the channel through which log information is output

  • Modules of which log information is to be output

  • Information severity

Procedure

  1. Configure the routing protocol and IP addresses so that the Device and syslog server are reachable.
  2. Enable the information management function.

    <HUAWEI> system-view
[~HUAWEI] sysname Device
[*Device] commit
[~Device] info-center enable

  3. Name a channel.

    # Name the channel through which logs are output to the syslog server.

    [*Device] info-center channel 6 name loghost1

  4. Configure the channel through which information is output and the module/level of the information to be output.

    # Output the logs of notification or higher levels generated by the HWTACACS and IM modules to the syslog server through the log host channel.

    [*Device] info-center source hwtacacs channel loghost log level notification
[*Device] info-center source im channel loghost log level notification

    # Output the logs of warning or higher levels generated by the PP4 and AAA modules to the syslog server through the log host channel 1.

    [*Device] info-center source pp4 channel loghost1 log level warning
[*Device] info-center source aaa channel loghost1 log level warning

  5. Configure the source interface through which information is output to the syslog server.

    # Configure GE 0/1/0 as the source interface through which information is output to the syslog server.

    [*Device] info-center loghost source gigabitethernet0/1/0

  6. Output information to a specified syslog server.

    # Specify server 1 as the syslog server and server 3 as the backup syslog server to receive logs generated by the HWTACACS and IM modules, using the log recording tool Local2.
    [*Device] info-center loghost 10.1.1.1 channel loghost facility local2
[*Device] info-center loghost 10.1.1.2 channel loghost facility local2
    # Specify server 2 as the syslog server and server 4 as the backup syslog server to receive logs generated by the PP4 and AAA modules, using the log recording tool Local4.
    [*Device] info-center loghost 10.2.1.1 channel loghost1 facility local4
[*Device] info-center loghost 10.2.1.2 channel loghost1 facility local4
[*Device] commit

  7. Configure the syslog server.

    The syslog server can be a Unix or Linux host, or a host on which third-party log software is installed.

    • After the syslog function is enabled, the Unix or Linux host can record information of the Device operation through the syslog mechanism.

      A Linux host as an example.

      • Create an information file. Run the touch loghost.info command in the /var/log directory to create a file named loghost.info to record Device information.

      • Edit the configuration file. Enter the information "loghost.info /var/log/router.log" in the syslog.conf file in etc/. The information indicates that the log host is named loghost, and the log information marked "info" is all recorded to the loghost.log file in var/log/.

      • Change syslogd_options="-m o" in the syslog file in the etc/sysconfig/ directory to syslogd_option="-1 -m o", so that the system can record logs about the remote Device.

      • Run the service syslog restart command to start the syslog service.

    • If the host is equipped with third-party log software, configure the third-party software to implement the log collection function.

  8. Verify the configuration.

    # Check configurations about the information management function.

    [~Device] display info-center

Information Center:enabled
Log host:
        10.1.1.1, channel number 2, channel name loghost,
language English , host facility local2
        10.1.1.2, channel number 2, channel name loghost,
language English , host facility local2
        10.2.1.1, channel number 6, channel name loghost1,
language English , host facility local4
        10.2.1.2, channel number 6, channel name loghost1,
language English , host facility local4
Console:
        channel number : 0, channel name : console
Monitor:
        channel number : 1, channel name : monitor
SNMP Agent:
        channel number : 5, channel name : snmpagent
Log buffer:
        enabled,max buffer size 10240, current buffer size 512,
current messages 10, channel number : 4, channel name : logbuffer
dropped messages 0, overwritten messages 0
Trap buffer:
        enabled,max buffer size 1024, current buffer size 256,
current messages 3, channel number:3, channel name:trapbuffer
dropped messages 0, overwritten messages 0
logfile:
        channel number : 9, channel name : logfile, language : English
Information timestamp setting:
        log - date, trap - date, debug - date millisecond

    # Display the information received on the syslog server.

Configuration Files

#
sysname Device
#
info-center channel 6 name loghost1
info-center source HWTACACS channel 2 log level notification
info-center source IM channel 2 log level notification
info-center source PP4 channel 6 log level warning
info-center source AAA channel 6 log level warning
info-center loghost source GigabitEthernet0/1/0
info-center loghost 10.1.1.1 facility local2
info-center loghost 10.1.1.2 facility local2
info-center loghost 10.2.1.1 channel 6 facility local4
info-center loghost 10.2.1.2 channel 6 facility local4
#
interface GigabitEthernet0/1/0
 undo shutdown
 ip address 10.3.1.1 255.255.255.0
#
ip route-static 10.1.1.0 255.255.255.0 172.16.0.2
ip route-static 10.2.1.0 255.255.255.0 172.16.0.2
#
return
Parent Topic: Configuration Examples for Information Management
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >