Users Guide
Table Of Contents
- Dell EMC SmartFabric OS10 System Log Message Reference Guide Release 10.5.2
- Contents
- Revision history
- About this guide
- System log messages overview
- ACL system log message reference
- AFS system log message reference
- ALM_ACCNT_MAC system log message reference
- ALM_CLOCK system log message reference
- BFD system log message reference
- BGP system log message reference
- CMS system log message reference
- Configuring LLFC system log message reference
- DCBX system log messages
- DENIED_ARP system log message reference
- DOT1X system log message reference
- DYNAMIC_MGMT system log message reference
- EQM system log message reference
- ETL system log message reference
- EVPN system log message reference
- FC_SVCS system log message reference
- FCOE system log message reference
- FEFD system log message reference
- IGMP system log message reference
- IP system log message reference
- IPv6 system log message reference
- ISCSI system log message reference
- LACP system log message reference
- LADF system log message reference
- LB system log message reference
- LLDP system log message reference
- MGMT_CLISH system log message reference
- SYSTEM_MODE_CHANGE system log message reference
- MLD system log message reference
- NDM system log message reference
- PBR match access-list system log message reference
- OPEN_FLOW system log message reference
- OSPFv2 system log message reference
- OSPFv3 system log message reference
- PIM system log message reference
- PTP system log message reference
- QoS system log message reference
- RAGUARD_EVENT system log message reference
- RAGUARD system log message reference
- Routemap with match ACL system log message reference
- Scale VLAN profile system log message reference
- Static and dynamic route system log message reference
- SA system log message reference
- STATIC_MGMTsystem log message reference
- STP system log message reference
- UFD system log message reference
- USER_ROLE_CHANGED system log message reference
- Delay restore port system log message reference
- VLT system log message reference
- VRF system log message reference
- VXLAN system log message reference
- IFM system log message reference
- Index
5. Apply the custom severity profile on the switch.
OS10# event severity-profile mySevProf_1.xml
NOTE: You must restart the switch for the changes to take effect.
6. Restart the switch.
OS10# reload
7. Use the show event severity-profile command to view the custom profile that is active.
OS10# show event severity-profile
Severity Profile Details
--------------------------------------------
Currently Active : default
Active after restart : mySevProf_1.xml
System logging over TLS
To provide enhanced security and privacy in the logged system messages sent to a syslog server, you can use the Transport
Layer Security (TLS) protocol. System logging over TLS encrypts communication between an OS10 switch and a configured
remote logging sever, including:
● Performing mutual authentication of a client and server using public key infrastructure (PKI) certificates
● Encrypting the entire authentication exchange so that neither user ID nor password is vulnerable to discovery, and that the
data is not modified during transport
Confguration notes
System logging over TLS requires that:
● X.509v3 PKI certificates are configured on a certification authority (CA) and installed on the switch. Both the switch and
syslog server exchange a public key in a signed X.509v3 certificate to authenticate each other.
● You configure a security profile for system logging.
Configure system logging over TLS
1. Copy an X.509v3 certificate created by a CA server using a secure method, such as SCP or HTTPS. Then install the trusted
CA certificate in EXEC mode.
crypto ca-cert install ca-cert-filepath [filename]
● ca-cert-filepath specifies the local path to the downloaded certificate; for example, home://CAcert.pem or
usb://CA-cert.pem.
● filename specifies an optional filename that the certificate is stored under in the OS10 trust-store directory. Enter the
filename in the filename.crt format.
2. Obtain an X.509v3 host certificate from the CA server:
a. Create a private key and generate a certificate signing request for the switch.
b. Copy the CSR file to the CA server for signing.
c. Copy the CA-signed certificate to the home directory on the switch.
d. Install the host certificate:
crypto cert install cert-file home://cert-filepath key-file {key-path | private}
[password passphrase] [fips]
When you install an X.509v3 certificate-key pair:
● Both take the name of the certificate. For example, if you install a certificate using:
OS10# crypto cert install cert-file home://Dell_host1.pem key-file home://abcd.key
System log messages overview
11