This chapter describes how to configure events logged by ELS and how to use the ELS commands. The information includes the following sections:
For more information on the Event Logging System and how to interpret ELS event messages, refer to "Using the Event Logging System (ELS)".
The ELS configuration environment is characterized by the ELS config> prompt. Commands entered at this prompt are described "Configuring and Monitoring the Event Logging System (ELS)".
To enter the ELS configuration environment:
The monitoring displays the Config> prompt. If the prompt does not appear, press enter.
event
The monitoring displays the ELS configuration prompt (ELS config>). Now, you can enter ELS configuration commands.
To leave the ELS configuration environment, enter the exit command.
Table 22 summarizes the ELS configuration commands. The
remainder of this section describes each one in detail. After accessing
the ELS configuration environment, you can enter ELS Configuration commands at
the ELS Config> prompt.
Table 22. ELS Configuration Command Summary
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Add | Adds an event to an existing group or creates a new group. |
| Clear | Clears all ELS configuration information. |
| Default | Resets the display or trap setting of an event, group, or subsystem. |
| Delete | Deletes an event number from an existing group or deletes an entire group. |
| Display | Enables message display on the console monitor. |
| List | Lists information on ELS settings and messages. |
| Nodisplay | Disables message display on the console. |
| Noremote | Disables remote logging to a remote workstation. |
| Notrace | Controls disablement of packet trace events. |
| Notrap | Keeps messages from being sent out in SNMP traps. |
| Remote | Allows messages to be logged to a remote workstation. |
| Set | Sets the pin parameter and the timestamp feature options. |
| Trace | Controls enablement of packet trace events. |
| Trap | Allows messages to be sent to a network management workstation in SNMP traps. |
| View | Allows viewing of traced packets. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the add command to add an individual event to an existing group or to create a new group. Group names must start with a letter and are case sensitive. You cannot append an entire subsystem to a group.
Syntax:
| Note: | If the specified group does not exist, the following prompt asks you to
confirm the creation of a new group:
Group not found. Create new group? (yes or no) |
Use the clear command to clear all of the ELS configuration information.
Syntax:
Example:
clear You are about to clear all ELS configuration information Are you sure you want to do this (Yes or No):
Resets the display or trap setting of an event, group, or subsystem back to a disabled state.
Syntax:
Use the delete command to delete an event number from an existing group or to delete the entire group. If the specified event is the last event to be deleted in a group, you will be notified. If all is specified instead of subsystem.event_number, a prompt asks you to confirm the deletion of the entire group.
Syntax:
Use the display command to enable message displaying on the monitoring monitor for specific events, a range of events for a subsystem, groups, or subsystems.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event in the specified event range.
Displays a range of messages for the specified subsystem.
Example:
display range gw 19 22
Displays events gw.19, gw.20, gw.21, and gw.22.
| Note: | Although ELS supports all subsystems on the device, not all devices support all subsystems. See Event Logging System Messages Guide for a list of currently supported subsystems. |
Use the filter command to access the filter configuration command environment. See "ELS Net Filter Configuration Commands" for complete command details.
Syntax:
Use the list command to get updated information regarding ELS settings and listings of selected messages.
Syntax:
Example:
list r Remote Logging is ON Source IP Address = 192.67.38.2 Remote Log IP Address = 192.9.200.1 Default Syslog Facility = LOG_DAEMON Default Syslog Priority Level = LOG_CRIT Number of Messages in Remote Log = 256 Remote Logging Local ID = MYHOSTNAME
Example:
list status
Subsystem: TKR
Disp Levels: STANDARD
Trap levels: none
Trace levels: none
Remote levels: ERROR INFO TRACE
Syslog Facility/Level: LOG_USER LOG_INFO
Group Disp Trap Trace Remote
Mygroup Unset Unset Unset On
Syslog Facilty/Level: LOG_DAEMON LOG_CRIT
Event Disp Trap Trace Remote
IP.007 Unset Unset Unset On
Syslog Facility/Level: LOG_CRON LOG_NOTICE
| Note: | Not only is remote logging enabled, but the display includes the Syslog Facility/Level values for each subsystem, group, and event. Ranges of events are listed as individual events. |
(Example output from a list subsystem command can be found beginning on page ***.)
Example:
list subsystem gw Event Level Message GW.001 ALWAYS Copyright 1984 Mass Institute of Technology GW.002 ALWAYS Portable CGW %s Rel %s strtd GW.003 ALWAYS Unus pkt len %d nt %d int %s/%d GW.004 ALWAYS Sys %s q adv alloc %d excd %d GW.005 ALWAYS Bffrs: %d avail %d idle fair %d low %d GW.006 C-INFO Pkt frm nt %d int %s/%d for uninit prt, disc GW.007 C-INFO Ip err %x nt %d int %s/%d GW.008 U-INFO Ip ovfl nt %d int %s/%d, disc GW.009 UI-ERROR Nt dwn ip rstrt nt %d int %s/%d GW.010 UI-ERROR Ip q len %d no ip buf nt %d int %s/%d GW.011 U-INFO Op err %x hst %wo nt %d int %s/%d GW.012 U-INFO Op err cnt excd hst %wo nt %d int %s/%d GW.013 U-INFO Rtrns cnt excd hst %wo nt %d int %s/%d GW.014 UI-ERROR Nt dwn op rstrt nt %d int %s/%d GW.015 UI-ERROR Nt dwn to hst %wo nt %d int %s/%d GW.016 U-INFO Op ovfl to hst %wo nt %d int %s/%d GW.017 UE-ERROR Intfc hdw mssng nt %d int %s/%d GW.018 U-TRACE Strt nt slf tst nt %d int %s/%d GW.019 C-INFO Slf tst nt %d int %s/%d GW.020 U-TRACE Nt pss slf tst nt %d int %s/%d GW.021 UE-ERROR Nt up nt %d int %s/%d GW.022 U-TRACE Nt fld slf tst nt %d int %s/%d
Example:
list trace-status ------------------------- Configuration ----------------------------- Trace Status:ON Wrap Mode:ON Decode Packets:ON RAM Trace Buffer Size:100000 Maximum Trace Buffer File Size:10000000 Max Packet Bytes Trace:256 Default Packet Bytes Traced:100 Trace File Record Size:2048 Stop Trace Event: TCP.013
Use the nodisplay command to select and turn off messages displaying on the console.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Suppresses the displaying of a range of messages for the specified subsystem.
Example:
nodisplay range gw 19 22
Suppresses the display of events gw.19, gw.20, gw.21, and gw.22.
Use the noremote command to suppress the logging of events to a remote workstation based on event number, group, range of events, or subsystem.
| Note: | With the noremote command, there is usually no need to specify a syslog_facility and syslog_level, such as there is with the remote command. However, for noremote subsystem command, there exists the option of selectively suppressing specific message levels (for example, "error" only or "trace" only) rather than turning them all off. (If you do not specify any particular message level, "all" is assumed). Additionally, with the noremote subsystem command, you can set a syslog_facility and syslog_level for any remaining message levels that have not been turned off. |
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Suppresses the remote logging of a range of messages for the specified subsystem.
Example:
noremote range gw 19 22
Suppresses the remote logging of events gw.019, gw.020, gw.021, and gw.022
Example 1:
noremote subsystem tkr
Suppresses the remote logging of all "tkr" messages.
Example 2:
ELS config> noremote subsystem tkr info ELS config> SYSLOG FACILITY[LOG_USER]? ELS config> SYSLOG LEVEL[LOG_INFO]?
In this example, "LOG_USER" and "LOG_INFO" were the values last picked for subsystem TKR. The command specified turns off the remote logging for subsystem TKR only for messages coded for "info". Because syslog_facility and syslog_level was not specified, the software prompts for syslog_facility and syslog_level. If you enter another value at the prompts, that value will replace syslog_facility and syslog_level for the remaining remote-logged messages for the TKR subsystem.
Use the list all or list status commands to display what you have set with the noremote and remote commands.
For more information about syslog_facility and syslog_level see "Remote".
Disables packet trace for the specified event/range/subsystem/group.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Disables the sending of packet trace data for a range of messages for the specified subsystem.
Example:
trace range gw 19 22
Suppresses the sending of packet trace data for events gw.19, gw.20, gw.21, and gw.22.
Use the notrap command to select and turn off messages so that they are no longer sent to a network management workstation in SNMP traps.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Suppresses the sending of messages for the events in the specified range for the specified subsystem in SNMP traps.
Example:
notrap range gw 19 22
Suppresses the sending of messages for events gw.19, gw.20, gw.21, and gw.22 in SNMP traps.
Use the remote command to select the events to be logged to a remote workstation by event number, range of events, group, or subsystem.
Syntax:
Syslog facility and level values are used by the syslog daemon in the remote workstation to determine where to log the messages. This value overrides the default values that are set with the set facility and set level commands.
log_auth
log_authpriv
log_cron
log_daemon
log_kern
log_lpr
log_mail
log_news
log_syslog
log_user
log_uucp
log_local0-7
log_emerg
log_alert
log_crit
log_err
log_warning
log_notice
log_info
log_debug
These values do NOT have any particular association with any daemons on the IBM 8371. They are merely identifiers which are used by the syslog daemon on the remote workstation.
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Causes the events in the specified range for the specified subsystem to be remotely logged based on the syslog_facility and syslog_level values. See the remote event command.
Example:
remote range gw 19 22 log_user log_info
Causes the event gw.19, gw.20, gw.21, and gw.22 to be logged remotely on the syslog_facility value of log_user and the syslog_level value of log_info.
Causes the events within the specified subsystem.name whose message_level agrees with the specified message_level to be logged remotely at the files based on the syslog_facility and syslog_level values. See the remote event command.
Message_level is a value such as "ALL," "ERROR," "INFO," or "TRACE". See Logging Level. The value specified in the remote command must agree with the value as coded on the particular event within the subsystem, or that event within the subsystem will not be remotely logged.
Example:
remote subsystem ETH all log_user log_info
In the above example, all messages in subsystem ETH ("all" includes any messages coded for "error," "info," or "trace") will be logged remotely based on log_user and log_info values at the remote host.
Use the list all or list status commands to display what you have set with the noremote and remote commands.
Use the set command to set the maximum number of tags per second, the timestamp feature, or to set tracing options.
Syntax:
Syntax:
These are all possible syslog facility values:
log_auth
log_authpriv
log_cron
log_daemon
log_kern
log_lpr
log_mail
log_news
log_syslog
log_user
log_uucp
log_local0-7
These are all possible syslog level values:
log_emerg
log_alert
log_crit
log_err
log_warning
log_notice
log_info
log_debug
You should use an IP address that is configured in the 8371 for easier identification when the IP address or the hostname is shown in the remotely-logged ELS message. You should also verify that this IP address is quickly resolved to a hostname by the name server, or at least that the name server responds quickly with "address not found."
To determine that the IP address resolves properly enter the host command on your workstation as shown:
workstation>host 5.1.1.1 host: address 5.1.1.1 NOT FOUND workstation>
If the response takes more than 1 second, select an IP address that resolves more quickly.
Use the set timestamp command to enable one of the following timestamp options.
| Note: | Tracing should be used only under the direction of trained support personnel. Tracing, especially when used with disk-shadowing enabled, uses device resources and can impact overall performance and throughput. |
Syntax:
Valid Values: 0, >=10,000
Default Value: 0
When a stop-event occurs, an entry is written to the trace buffer. The view command for this trace entry will display "Tracing stopped due to ELS Event Id: TCP.013".
After tracing stops due to a stop-event, you must re-enable tracing with the set trace on command. (A restart will also re-enable tracing if enabled from the ELS Config> prompt.)
Enables packet trace for the specified event/range/subsystem/group. When the trace command is used from the ELS Config> prompt, the changes become part of the configuration, and a reboot is required to activate the changes.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Causes the trace events in the specified range for the specified subsystem to be displayed on the system monitoring.
Example:
trace range gw 19 22
Causes the trace events gw.19, gw.20, gw.21, and gw.22 to be displayed on the system monitoring.
Use the trap command to select the message to be sent to the remote SNMP network management workstation. A remote SNMP network management workstation is an IP host in the network acting as an SNMP manager.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Causes the messages that are in the specified range for the specified subsystem to be sent to a network management workstation in an SNMP trap.
Example:
trap range gw 19 22
Causes the messages in events gw.19, gw.20, gw.21, and gw.22 to be sent to a network management workstation in an SNMP trap.
| Note: | Messages for the IP, ICMP, ARP and UDP subsystems cannot be sent in SNMP traps because these areas are or may be used in the process of sending the SNMP trap. This could lead to an infinite loop of traffic putting an undue strain on the device. |
ELS net filters give you the capability of looking only at ELS messages with certain net numbers and discarding other ELS messages.
When you create a filter, you specify the subsystem, event, or range of events to which the filter applies. You also specify the queue (for example, "DISPLAY", "TRAP", "TRACE", or "REMOTE-LOGGING"). Finally, you specify the net number (or range of net numbers) that you want to filter.
When you enable the filter, messages that have been turned on by the ELS commands are subject to filtering. The filter allows only messages with the specified net numbers. The filter causes the device to discard messages that do not contain the specified net numbers.
By reducing the number of ELS messages sent, you can more easily locate messages for the interfaces in which you are interested.
This section describes the commands to configure the ELS net
filters. To configure these filters, enter the filter net
command at the ELS> prompt. Then, enter the configuration commands
at the ELS Filter net> prompt.
Table 23. ELS Net Filter Configuration Commands
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Create | Creates a filter and assigns it a number. A maximum of 64 filters is allowed. |
| Delete | Deletes a specified filter number or all filters. |
| Disable | Disables a specified filter number or all filters. |
| Enable | Enables a specified filter number or all filters. |
| List | Lists a specified filter number or all filters. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the create command to create an ELS net filter.
Syntax:
Display
Trace
Trap
Remote
If you specify net#_start and net#_end as the same number, you are filtering on a single net number.
The command create trap event GW.009 2 10 filters traps for message GW.009 for net numbers 2 through 10.
If you specify net#_start and net#_end as the same number, you are filtering on a single net number.
The command create remote range ipx 19 22 3 6 filters all ipx messages beginning with IPX.019 and ending with IPX.022 for net numbers 3 through 6 for remote logging.
If you specify net#_start and net#_end as the same number, you are filtering on a single net number.
The command create display subsys ip 1 1, filters all ELS messages for the ip subsystem that contain net number 1 to the display. All other ip subsystem messages are discarded.
Use the delete command to delete a specific ELS filter or all ELS filters.
Syntax:
Use the disable command to disable a specific ELS filter or all ELS filters.
Syntax:
Use the enable command to enable a specific ELS filter or all ELS filters.
Syntax:
Use the list command to list a specific ELS filter or all ELS filters.
Syntax:
The ELS monitoring environment (available from the GWCON process) is characterized by the ELS> prompt. Commands entered at this prompt modify the current ELS parameter settings. These commands are described "Configuring and Monitoring the Event Logging System (ELS)".
To enter the ELS monitoring environment from OPCON:
* console
The monitoring displays the GWCON prompt (+). If the prompt does not appear when you first enter GWCON, press enter.
+ event
The monitoring displays the ELS monitoring prompt (ELS>). Now, you can enter ELS monitoring commands.
To leave the ELS monitoring environment, enter the exit command.
This section summarizes and then explains all the ELS monitoring
commands. After accessing the ELS Monitoring environment, you can enter
ELS monitoring commands at the ELS> prompt.
Table 24. ELS Monitoring Command Summary
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Clear | Resets to zero the counts of messages associated with specified events, groups, or subsystems. |
| Display | Enables message display on the console. |
| Exit | Exits the ELS console process and returns the user to GWCON. |
| Filter | Filter ELS messages based upon the net number. |
| List | Lists information on ELS settings and messages. |
| Nodisplay | Disables message display on the console. |
| Noremote | Disables remote logging to file at remote workstation. |
| Notrace | Disables trace event display on the console. |
| Notrap | Keeps messages from being sent out in SNMP traps to the network management workstation. |
| Packet-trace | Provides an enhanced central environment for setting and listing active packet tracing parameters. |
| Remote | Allows messages to be logged at a file on a remote workstation. |
| Remove | Frees up memory by erasing stored information. |
| Restore | Clears current settings and reloads initial ELS configuration. |
| Retrieve | Reloads the saved ELS configuration. |
| Save | Stores the current configuration. |
| Set | Sets the pin parameter and the timestamp feature. |
| Statistics | Displays available subsystems and pertinent statistics. |
| Trace | Enables trace event display on the console. |
| Trap | Allows messages to be sent to a network management workstation in SNMP traps. |
| View | Allows viewing of traced packets. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the clear command to reset to zero the counts of the display, trace, trap, or remote commands as they relate to specific events, groups or subsystems.
Syntax:
Use the display command to enable the message display on the monitoring monitor for specific events.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event in the specified event range.
Displays a range of messages for the specified subsystem.
Example:
display range gw 19 22
Displays events gw.19, gw.20, gw.21, and gw.22.
Use the files trace tftp command to retrieve trace files from the subdirectory associated with:
Syntax:
You are prompted for the remote server IP address and the remote path/file name.
Use the files command to transfer trace files to another host on the network using TFTP.
Syntax:
Use the filter command to access the filter configuration command environment. See ELS Net Filter Monitoring Commands for complete command details.
Syntax:
Use the list command to get updated information regarding ELS settings and to get listings of selected messages.
Syntax:
Example:
list active ip Event Active Count Message IP.007 2874 %I -> %I IP.022 13 add nt %I int %I nt %n int %s/%d IP.036 2874 rcv pkt prt %d frm %I IP.058 23 del nt %I rt via %I nt %n int %s/%d IP.068 D 37 routing cache cleared D=Display on T=Trap on P=Packet Trace on F=Filter on R=Remote Logging on A=Advanced on
If Remote logging is turned on, those events displayed as active for a subsystem will have an "R" next to their name.
Example:
list event ip.007 Level: p-TRACE Message: source_ip_address -> destination_ip_address Active: Count: 84182
If Remote-logging had been activated for this event, and the syslog_facility and syslog_level values were log_daemon and log_crit, the last lines would look like:
Active: R count:84182 Syslog Facility: log_daemon Syslog Level: log_crit
Example:
list pin Pin: 100 events/second
Example:
list r Remote Logging is On Source Ip Address = 192.9.200.8 Remote Log IP Address = 192.9.200.1 Default Syslog Facility = LOG_USER Default Syslog Priority Level = LOG_INFO Number of Messages in Remote Log = 256 Remote Logging Local ID = SPHINX
| Note: | Although ELS supports all subsystems on the device, not all devices support all subsystems. See ELS Messages for a list of currently supported subsystems. |
Example:
list subsystem eth
Event Level Message
ETH.001 P-TRACE brd rcv unkwn type packet_type source_Ethernet_address ->
destination_Ethernet_address nt network
ETH.002 UE-ERROR rcv unkwn typ packet_type source_Ethernet_address ->
destination_Ethernet_address nt network
ETH.010 C-INFO LLC unk SAP DSAP source_Ethernet_address ->
destination_Ethernet_address nt network
Example:
list trace-status ------------------------- Configuration ----------------------------- Trace Status:ON Wrap Mode:ON Decode Packets:ON RAM Trace Buffer Size:100000 Maximum Trace Buffer File Size:10000000 Max Packet Bytes Trace:256 Default Packet Bytes Traced:100 Trace File Record Size:2048 Stop Trace Event: TCP.013 ------------------------ Run-time Status ---------------------------- Packets in RAM Trace Buffer:1 Free Trace Buffer Memory:99958 Trace Errors:0 First Packet:1 Last Packet:1 Trace Records Stored on HD:8 Trace Buffer File Size:16560 HD-Shadowing Time Exceeded? NO Elapsed Time: 0 hr, 0 min, 10 sec Has Stop Trace Event Occurred? NO
ELS Config>LIST TRACE command under talk 6 displays information similar to the following:
------------------------- Configuration ----------------------------- Trace Status:ON Wrap Mode:ON Decode Packets:ON RAM Trace Buffer Size:100000 Maximum Trace Buffer File Size:10000000 Max Packet Bytes Trace:256 Default Packet Bytes Traced:100 Trace File Record Size:2048 Stop Trace Event: TCP.013
Use the nodisplay command to select and turn off messages displaying on the console.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Suppresses the displaying of a range of messages for the specified subsystem.
Example:
nodisplay range gw 19 22
Suppresses the display of events gw.19, gw.20, gw.21, and gw.22.
Use the noremote command to select and turn off messages logging to a remote workstation.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Suppresses the remote logging of a range of messages for the specified subsystem.
Example:
noremote range gw 19 22
Suppresses the remote logging of events gw.19, gw.20, gw.21, and g.22
Example:
noremote subsystem tkr
| Note: | With noremote, there is no need to specify a Syslog Facility and Level, such as there is with Remote. |
Use the list event and list active commands to verify what you set with the remote and noremote commands.
Use the notrace command to stop display of selected trace events at the monitoring.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Disables the sending of packet trace data for a range of messages for the specified subsystem.
Example:
notrace range gw 19 22
Suppresses the sending of packet trace data for events gw.19, gw.20, gw.21, and gw.22.
Example:
notrace subsystem frl error notrace subsystem frl
Use the notrap command to select and turn off messages so that they are no longer sent to a network management workstation in SNMP traps.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Suppresses the sending of messages for the events in the specified range for the specified subsystem in SNMP traps.
Example:
notrap range gw 19 22
Suppresses the sending of messages for events gw.19, gw.20, gw.21, and gw.22 in SNMP traps.
Example:
notrap subsystem eth error
Use the packet-trace command to display/enable/disable packet tracing information for various subsystems.
Syntax:
Use the Exit command when you are finished using Packet Trace.
For complete command descriptions, see "Packet-trace Monitoring Commands".
Use the remote command to select the events to be logged to a remote file by event number, range of events, group, or subsystem.
Syntax:
Syslog facility and level values are used by the syslog daemon in the remote workstation to determine where to log the messages. This value overrides the default values that are set with the set facility and set level commands.
log_auth
log_authpriv
log_cron
log_daemon
log_kern
log_lpr
log_mail
log_news
log_syslog
log_user
log_uucp
log_local0-7
log_emerg
log_alert
log_crit
log_err
log_warning
log_notice
log_info
log_debug
These values do NOT have any particular association with any daemons on the IBM 8371. They are merely identifiers which are used by the syslog daemon on the remote workstation.
Example:
remote event gw.019 log_user log_info
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Causes the events in the specified range for the specified subsystem to be remotely logged based on the syslog_facility and syslog_level. See the remote event command.
Example:
remote range gw 19 22 log_user log_info
Causes the event gw.19, gw.20, gw.21, and gw.22 to be logged remotely to the files specified by the syslog_facility value of log_user and the syslog_level value of log_info.
Causes the events within the specified subsystem.name whose message_level agrees with the specified message_level to be logged remotely based on the syslog_facility and syslog_level. See the remote event command.
Message_level is a value such as ALL, ERROR, INFO, or TRACE. See Logging Level. The value specified in the remote command must agree with the value as coded on the particular event within the subsystem, or that event within the subsystem will not be remotely logged.
Example:
remote subsystem eth all log_user log_info
In the above example, all messages in subsystem TKR ("all" includes any messages coded for "error," "info," or "trace") will be logged remotely to files specified by log_user and log_info at the remote host.
Use the list event and list active commands to verify what you set with the remote and noremote commands.
Use the remove command to free up memory by erasing stored information. If you have previously saved the current configuration with the save command, remove allows you to erase the saved configuration.
Syntax:
Use the restore command to clear all current settings (except counters) and reload the initial ELS configuration. To retain the current settings, use the save command before restoring the initial configuration.
Syntax:
Use the retrieve command to reload the saved ELS configuration. If you have previously saved the current configuration with the save command, use retrieve to reload it. Retrieve does not erase the saved configuration after it executes. To erase the saved configuration, use the remove command.
Syntax:
Use the save command to store the current configuration (except counters). Save does not affect the default configuration (the one you set with the configuration commands). Use save after modifying the configuration with the monitoring commands with the intention of saving this configuration over a restart. There can be only one saved configuration at a time. To reload the saved configuration, use the retrieve command.
Syntax:
Use the set command to set the maximum number of traps per second, to set the timestamp feature, or to set the tracing options.
Syntax:
Syntax:
These are all possible syslog facility values:
log_auth
log_authpriv
log_cron
log_daemon
log_kern
log_lpr
log_mail
log_news
log_syslog
log_user
log_uucp
log_local0-7
These are all possible syslog level values:
log_emerg
log_alert
log_crit
log_err
log_warning
log_notice
log_info
log_debug
You should use an IP address that is configured in the 8371 for easier identification when the IP address or the hostname is shown in the remotely-logged ELS message. You should also verify that this IP address is quickly resolved to a hostname by the name server, or at least that the name server responds quickly with "address not found."
To determine that the IP address resolves properly enter the host command on your workstation as shown:
workstation>host 5.1.1.1 host: address 5.1.1.1 NOT FOUND workstation>
If the response takes more than 1 second, select an IP address that resolves more quickly.
| Note: | If you turn on timestamping, you must remember to go back into the CONFIG process and set the device's date and time using the time command. Otherwise, all messages will come out with 00:00:00, or negative numbers in the hours, minutes, and/or seconds, for example 00:-4:-5. |
Use the set timestamp command to enable one of the following timestamp options:
Syntax:
Syntax:
| Note: | The default setting is to print complete decode output for all frame types. Use the list trace-status command to see the current decode settings. See page ***. |
Valid Values: 0, >=10,000
Default Value: 0
When a stop-event occurs, an entry is written to the trace buffer. The view command for this trace entry will display "Tracing stopped due to ELS Event Id: TCP.013".
After tracing stops due to a stop-event, you must re-enable tracing with the set trace on command. (A restart will also re-enable tracing if enabled from the ELS Config> prompt.)
Example:
set trace stop-event TCP.013
Use the statistics command to display a list of all of the available subsystems and their statistics.
| Note: | The following example may not match your display exactly. The output of the command depends on the version and release of the installed software. |
Syntax:
statistics Subsys Vector Exist String Active Heap GW 105 101 3411 0 0 FLT 20 7 184 0 0 BRS 50 5 201 0 0 ARP 150 142 7030 0 0 IP 100 100 2463 2 20 ICMP 30 21 529 0 0 TCP 60 57 2420 0 0 UDP 10 6 179 0 0 BTP 40 13 695 0 0 RIP 30 22 474 0 0 OSPF 80 73 2859 0 0 MSPF 40 17 593 0 0 TFTP 35 29 819 0 0 SNMP 30 28 821 0 0 DVM 30 21 589 0 0 DN 140 115 5842 0 0 XN 35 21 780 0 0 IPX 110 110 4705 0 0 CLNP 80 58 1763 0 0 ESIS 40 24 716 0 0 ISIS 80 58 2422 0 0 DNAV 50 26 1314 0 0 AP2 80 70 1755 0 0 ZIP2 60 51 1859 0 0 R2MP 50 38 1185 0 0 VIN 90 79 3159 0 0 SRT 120 94 5040 0 0 STP 60 32 1590 0 0 BR 50 30 1616 0 0 SRLY 30 28 1409 0 0 ETH 60 47 1098 0 0 SL 50 35 584 0 0 TKR 60 45 2031 0 0 X25 70 53 1909 0 0 FDDI 30 27 1155 0 0 SDLC 100 95 4263 0 0 FRL 130 97 6068 0 0 PPP 190 186 6394 0 0 X251 50 16 546 0 0 X252 50 34 996 0 0 X253 50 42 1649 0 0 ISDN 50 43 1994 0 0 IPPN 20 4 132 0 0 WRS 40 33 1938 0 0 LNM 70 60 3137 0 0 LLC 170 168 9840 0 0 BGP 80 74 2477 0 0 MCF 15 9 244 0 0 DLS 500 497 24340 0 0 V25B 30 28 1058 0 0 BAN 30 29 1223 0 0 COMP 80 26 1050 0 0 NBS 100 50 3029 0 0 ATM 300 216 10808 0 0 LEC 200 174 7258 0 0 APPN 100 28 467 0 0 ILMI 150 23 487 0 0 SAAL 30 26 621 0 0 SVC 30 26 465 0 0 LES 400 361 22333 0 0 LECS 150 145 5666 0 0
EVLOG 1 1 105 0 0 NOT 25 15 508 0 0 NHRP 250 211 8193 0 0 XTP 64 58 2271 0 0 ESC 150 67 3122 0 0 LCS 40 22 858 0 0 LSA 70 61 3506 0 0 MPC 130 30 1677 3 44 SCSP 40 34 1234 0 0 ALLC 50 36 1842 0 0 NDR 50 38 1150 0 0 MLP 100 93 4006 0 0 SEC 50 30 688 0 0 ENCR 100 4 194 0 0 PM 25 6 120 0 0 DGW 20 9 238 0 0 QLLC 55 54 2411 0 0 Total 6490 4942 215805 5 64 Maximum:7976 vector, 155 subsystem Memory:71784/620 vector+ 81256/217714 data+ 64 heap=371438Subsys
Use the trace command to select the trace events to be displayed on the system monitoring. This command provides function that is similar to the packet trace command described in "Packet-trace Monitoring Commands".
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Causes the trace events in the specified range for the specified subsystem to be displayed on the system monitoring.
Example:
trace range gw 19 22
Causes the trace events gw.19, gw.20, gw.21, and gw.22 to be displayed on the system monitoring.
Use the trap command to select the message to be sent to the remote SNMP network management workstation. A remote SNMP network management workstation is an IP host in the network acting as an SNMP manager.
Syntax:
Where first_event_number is the number of the first event in the specified event range, and last_event_number is the number of the last event of the specified event range.
Causes the messages that are in the specified range for the specified subsystem to be sent to a network management workstation in an SNMP trap.
Example:
trap range gw 19 22
Causes the messages in events gw.19, gw.20, gw.21, and gw.22 to be sent to a network management workstation in an SNMP trap.
| Note: | Messages for the IP, ICMP, ARP and UDP subsystems cannot be sent in SNMP traps because these areas are or may be used in the process of sending the SNMP trap. This could lead to an infinite loop of traffic putting an undue strain on the device. |
Use the view command to view traced packets.
Syntax:
This section describes the Packet-trace Monitoring
commands. After accessing the Packet-trace Monitoring environment, you
can enter Packet-trace Monitoring commands at the ELS Packet
Trace> prompt.
Table 25. Packet Trace Monitoring Command Summary
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Off | Disables packet tracing. |
| On | Enables packet tracing. Prompts for memory trace buffer size if not previously set. |
| Reset | Clears the trace buffer and resets all associated counters. |
| Set | Configures tracing options. |
| Subsystems | Activates tracing for the subsystems that support packet tracing, or displays a summary. |
| Trace-status | Displays information on the status of packet tracing, including configuration and run-time. |
| View | Provides View Captured Packet Trace Buffers Console |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the off command to disable packet tracing.
Syntax:
Use the on command to enable packet tracing.
Syntax:
Use the reset command to clear the trace buffer and reset all associated counters.
Syntax:
Use the set command to configure tracing options.
Syntax:
For an explanation of the set command, see page ***.
Use the subsystems command to activate tracing for the subsystems that support packet tracing, or to display a summary.
Syntax:
Example:
subsystems atm Network number? 0 ATM Interface is selected on | off | list [list]? on Note that SVC uses VPI = 0, VCI = 5 and ILMI uses VPI = 0, VCI = 16 Beginning of VPI range [0]? End of VPI range [0]? Beginning of VCI range [0]? 16 End of VCI range [0]? 16 Tracing event ATM.88: ATM frames
Example:
subsystems lec Network number? 1 ATM Emulated LAN is selected on | off | list [list]? on Trace which types of frames (data, control, both) [both]? Tracing event LEC.11: data frames over ATM Forum LEC: interface 1 Tracing event LEC.12: control frames over ATM Forum LEC: interface 1 Note that if the user DISABLEs and TESTs this LEC interface, the LEC trace settings from Talk 6 Config will take effect. MAC Address packet filtering can be enabled under the LEC net using the 'trace mac-address' command.
Example:
subsystems summary
Subsystems Being Traced
ATM net number = 0, VPI Range: 0 - 0
VCI Range: 16 - 16
LEC net number = 1
Use the trace-status command to get updated information regarding packet trace.
Syntax:
Example:
trace-status ------------------------- Configuration ----------------------------- Trace Status:OFF Wrap Mode:OFF Decode Packets:OFF RAM Trace Buffer Size:0 Maximum Trace Buffer File Size:10000000 Max Packet Bytes Trace:256 Default Packet Bytes Traced:100 Trace File Record Size:2048 Stop Trace Event: None ------------------------ Run-time Status ---------------------------- Packets in RAM Trace Buffer:0 Free Trace Buffer Memory:0 Trace Errors:0 First Packet:0 Last Packet:0 Trace Records Stored on HD:0 Trace Buffer File Size:0 Has Stop Trace Event Occurred? NO
Use the view command to enter the View Captured Packet Trace Buffers Monitoring.
For an explanation of the view commands, see "View".
Syntax:
This section describes explains the commands to manipulate ELS net
filters. To enter the filter environment, enter the filter
net command at the ELS> prompt. Enter the monitoring commands
at the ELS Filter net> prompt.
Table 26. ELS Net Filter Monitoring Commands
| Command | Function |
|---|---|
| ? (Help) | Displays all the commands available for this command level or lists the options for specific commands (if available). See "Getting Help". |
| Create | Creates a filter and assigns it a number. A maximum of 64 filters is allowed. |
| Delete | Deletes a specified filter number or all filters. |
| Disable | Disables a specified filter number or all filters. |
| Enable | Enables a specified filter number or all filters. |
| List | Lists a specified filter number or all filters. |
| Exit | Returns you to the previous command level. See "Exiting a Lower Level Environment". |
Use the create command to create an ELS net filter.
Syntax:
Display
Trace
Trap
Remote
If you specify net#_start and net#_end as the same number, you are filtering on a single net number.
The command create trap event GW.009 2 10 filters traps for message GW.009 for net numbers 2 through 10.
If you specify net#_start and net#_end as the same number, you are filtering on a single net number.
The command create remote range ipx 19 22 3 6 filters all ipx messages beginning with IPX.019 and ending with IPX.022 for net numbers 3 through 6 for remote logging.
If you specify net#_start and net#_end as the same number, you are filtering on a single net number.
The command create display subsys ip 1 1, filters all ELS messages for the ip subsystem that contain net number 1 to the display. All other ip subsystem messages are discarded.
Use the delete command to delete a specific ELS filter or all ELS filters.
Syntax:
Use the disable command to disable a specific ELS filter or all ELS filters.
Syntax:
Use the enable command to enable a specific ELS filter or all ELS filters.
Syntax:
Use the list command to list a specific ELS filter or all ELS filters.
Syntax: