Comware


HPE logs to Syslog confusion

  • 1.  HPE logs to Syslog confusion

    Posted Jan 08, 2018 07:12 AM

    I'm trying to get the logs from a bunch of HPE switches pushed out to our syslog server but I can't get them to work. For the record, the syslog server is up and working and receiving logs from Cisco switches and various firewalls.

    The manual states the setup should be:

    info-center loghost host-ip [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] *

     

    So I've tried just:

    info-center enable

    info-center loghost my_syslog_IP

     

    I've also tried variations adding channel 2 (and others for testing)

     

    But nothing is output.

     

    So a question (or 2): do I need to include channel and facility in the command? And if so, what on earth is this "facility", as the manual isn't exactly enlightening?

     

    It states:

    "The value can be local0 to local7 and defaults to local7. Logging facility is mainly used to mark different logging sources, query and filter the logs of the corresponding log source."

    but doesn't clarify what local0 to local7 mean.

     


    #syslog


  • 2.  RE: HPE logs to Syslog confusion

    Posted Jan 08, 2018 10:52 AM

    Try the syntax below, if it works, you just edit with the necessary outputs:

    info-center enable
    info-center loghost 10.10.10.10 channel loghost facility local5

     



  • 3.  RE: HPE logs to Syslog confusion

    Posted Jan 10, 2018 03:26 AM

    Thank you for the reply but that's pretty much what I have been entering.

    However, it doesn't answer my queries as to what 'channel' and 'facility' do or are for?

    Secondly, you have put local5 - what is that for?

    Last, you've put 'loghost' in twice - is that correct?



  • 4.  RE: HPE logs to Syslog confusion

    Posted Jan 11, 2018 03:10 AM

    Hi,

    Facility is something you use to categorize your syslog messages on the syslog server. Facility is (combined with severity) part of the PRIVAL value of a syslog message. I recommend you take a look at:

    https://tools.ietf.org/html/rfc5424

    Read through 6.2.1.

    Channels are a Comware 5 thing, I think. Logging in Comware 5 is basically:

    Source ---> Channel.

    Channel ---> Logdestination

    So channels are a virtualization layer between log-sources and log-destinations.

    There is a channels guide in every Comware 5 "Network Management and Monitoring Configuration Guide". As an example:

    https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=5332909&docLocale=en_US&docId=emr_na-c03586724

    Regards.
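The facility/severity encoding from RFC 5424 section 6.2.1 that the last reply points to, worked through as an added example (not part of the original thread). The short facility names are conventional labels and the sample messages are constructed; on the wire only the number inside `<...>` is sent, and local0 to local7 are simply facility codes 16 to 23.

```python
import re
from collections import Counter

# RFC 5424 section 6.2.1 numeric facility codes; short names are conventional labels.
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    12: "ntp", 13: "audit", 14: "alert", 15: "clock",
    **{16 + n: f"local{n}" for n in range(8)},  # local0..local7 = 16..23
}
SEVERITIES = ["emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug"]  # codes 0..7
PRI_RE = re.compile(r"^<(\d{1,3})>")


def encode_pri(facility, severity):
    """PRIVAL = facility code * 8 + severity code."""
    code = {name: num for num, name in FACILITIES.items()}[facility]
    return code * 8 + SEVERITIES.index(severity)


def decode_pri(message):
    """Return (facility, severity) from the leading <PRI> of a syslog message."""
    match = PRI_RE.match(message)
    if not match:
        raise ValueError("message has no <PRI> header")
    prival = int(match.group(1))
    if prival > 191:  # highest valid value: local7 (23) * 8 + debug (7)
        raise ValueError(f"PRIVAL {prival} out of range")
    return FACILITIES[prival // 8], SEVERITIES[prival % 8]


def count_by_facility(messages):
    """Tally messages per facility, the way a server might sort them into files."""
    return Counter(decode_pri(m)[0] for m in messages)


# Constructed sample messages, not captured from a real switch.
SAMPLES = [
    "<174>Jan 11 03:10:00 sw1 constructed sample: interface up",
    "<171>Jan 11 03:10:05 sw1 constructed sample: login failed",
    "<189>Jan 11 03:10:09 sw2 constructed sample: config saved",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode_pri(line), line)
    print(dict(count_by_facility(SAMPLES)))
```

A switch configured with `facility local5` sends PRI values 168 to 175, so a syslog server rule that selects on local5 is what separates those messages from sources using other facilities.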