In general, the structure of the syslog messages generated by IOS-XR has the following format:
- messageid: The ID number of the message.
- hostname: The device that generated the message.
- linecard: The linecard slot.
- datetime: The time when the message was generated in the format: MMM dd hh:mm:ss.fff or MMM dd hh:mm:ss.fff ZZZ.
- process-name: The name of the process that generated the mesage.
- process-id The PID of the process that generated the message.
- facility-name: The name of the Facility.
- severify: The value of the Severity.
- tag: The syslog message tag.
#
Facility 用来表示 log 信息的来源或者说是 log 信息的类别,默认 IOS XR 设备使用的是 LOCAL 7 , id 23。
我们可以在 log server 上进行定义不同 Facility 存储在不同文件中,或者具有不同的 format 格式, 如下。
[root@server1 ~]# grep local /etc/rsyslog.conf
local7.* /var/log/boot.log
local6.* /var/log/syslog
IOS XR 中可以修改 facility , 命令如下
RP/0/RP0/CPU0:CRS-L(config)#logging facility ?
auth Authorization system
cron Cron/at facility
daemon System daemons
kern Kernel
local0 Local use
local1 Local use
local2 Local use
local3 Local use
local4 Local use
local5 Local use
local6 Local use
local7 Local use
lpr Line printer system
mail Mail system
news USENET news
sys10 System use
sys11 System use
sys12 System use
sys13 System use
sys14 Systemcode use
sys9 System use
syslog Syslog itself
user User process
uucp Unix-to-Unix copy system
<cr>
#
默认传递的 syslog 中是不包含设备的 hostname 的,如下是在 log server 上记录的 log,第一行中不包含 hostname; 通过在 IOS XR 设备上添加配置"logging hostname
Apr 14 23:34:38 10.1.1.1 462388: LC/0/6/CPU0:Apr 15 09:02:48 : plim_xge[301]: %L2-PLIM-4-XFP_WARN_RX_PWR : Interface TenGigE0/6/0/9, RX Low power warning occurred
Apr 14 23:50:04 10.1.1.1 462620: CRS-L RP/0/RP0/CPU0:Apr 15 09:18:13 : config[65956]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed by user 'xuxing'. Use 'show configuration commit changes 1000000229' to view the changes.