User`s guide
XSR User’s Guide 25
Chapter 2 Utilizing the Command Line Interface
Managing the XSR
Managing Message Logs
Messages produced by the XSR, whether alarms or events, as well as link
state changes for critical ports and a management authentication log, can be
routed to various destinations with the
logging command. And by issuing
the
no logging command, you can block messages to a site while permitting
transmission to others.
For normal operation, you should log only HIGH severity alarms which
indicate critical events and those requiring operator intervention. Be aware
that the XSR may drop MEDIUM, LOW, and DEBUG level alarms if the
system is too busy to deliver them. In that case, the following alarm will be
generated where XX is the number of messages:
“Logging Storm Encountered - discarded XX debug/low/medium messages”
Be aware that the DEBUG alarm level is used by maintenance personnel only.
The XSR serves the following logging destinations:
Syslog (to remote Syslog server over the network)
Console terminal
Monitor (up to five CLI sessions via Telnet)
Buffer (Log file in XSR’s RAM)
Buffer (log file) on CompactFlash card when persistent logging (after
power loss) is enabled for the firewall (see “Configuring Security on
the XSR” on page 311 for more information)
SNMP Trap (async notification by XSR to the SNMP Manager)
Logging Commands
Logging into individual destinations can be enabled or disabled based on
severity level of the message (high, medium, low and debug) using the
logging command. Note that entering logging medium sets that level for all
destinations. Also, you can display your logging configuration with the
show
logging
command and show or clear messages in the memory buffer with
the
show logging history and clear logging commands, respectively.
The entire message history is lost when the XSR is powered down.
See “Alarms/Events and System Limits” on page 355 for a thorough listing of
XSR alarms/events and the XSR CLI Reference Guide for command details.