User's Manual 57. Syslog and Debug Recordings
Version 6.8 733 Mediant 500L MSBR
57 Syslog and Debug Recordings
Syslog is an event notification protocol that enables a device to send event notification
messages across IP networks to event message collectors, also known as Syslog servers.
The device contains an embedded Syslog client, which sends error reports / events that it
generates to a remote Syslog server using the IP / UDP protocol. This information is a
collection of error, warning, and system messages that records every internal operation of
the device.
For receiving Syslog messages generated by the device, you can use any of the following
Syslog servers:
Device's embedded Syslog server: The device provides an embedded Syslog
server, which is accessed through the Web interface. This provides limited Syslog
server functionality.
Wireshark: Third-party network protocol analyzer (http://www.wireshark.org).
Third-party, Syslog server: Any third-party Syslog server program that enables
filtering of messages according to parameters such as priority, IP sender address,
time, and date.
57.1 Syslog Message Format
The Syslog message is sent from the device to a Syslog server as an ASCII (American
Standard Code for Information Interchange) message. Syslog uses UDP as its underlying
transport layer mechanism. By default, UDP port 514 is assigned to Syslog, but this can be
changed (see ''Enabling Syslog'' on page 737).
Below is an example of a Syslog message:
13:10:57.811 : 10.13.4.12 : NOTICE : [S=235][SID:1034099026] (
lgr_flow)(63 ) UdpTransportObject#0- Adding socket event
for address 10.33.2.42:5060 [Time: 04-19-2012@18:29:39]
Table 57-1: Syslog Message Format Description
Message Item Description
Message Types
Syslog generates the following types of messages:
ERROR: Indicates that a problem has been identified that requires
immediate handling.
WARNING: Indicates an error that might occur if measures are not
taken to prevent it.
NOTICE: Indicates that an unusual event has occurred.
INFO: Indicates an operational message.
DEBUG: Messages used for debugging.
Notes:
The INFO and DEBUG messages are required only for advanced
debugging. Therefore, by default, they are not sent by the device.
When viewing Syslog messages in the Web interface, these
message types are color coded.
Message Sequence
Number
[S=<number>]
By default, Syslog messages are sequentially numbered in the format
[S=<number>], for example, "[S=643]". A skip in the number sequence
of messages indicates a loss of message packets. For example, in the
below Syslog message, messages 238 through 300 were not
received. In other words, 63 Syslog messages were lost (the
sequential numbers are indicated below in bold font):
18:38:14. 52 : 10.33.45.72 : NOTICE:
[S=235][SID:1034099026] (lgr_psbrdex)(619) recv <-
To Next Page
Loading...
Need help?
General
