Filter
Top Products
Using and Configuring ELS Remote Logging
The remotely-logged ELS message contains all of the information that is contained
in ELS messages found in the monitor queue, as viewed under talk 2, and also
contains additional information as shown in Figure 5.
Note the following differences in the remote log display:
v The month and day of month in addition to the time, which is always displayed
as the time-of-day.
v An IP address, which is the user-specified source IP address. If a DNS server
resolves the source IP address to a hostname, then the hostname will be
displayed instead of the IP address.
v A Sequence number is added to the message by the source device to assist in
detecting dropped messages. See “Remote Logging Output” on page 159 for an
explanation of dropped messages. When the sequence number of the message
reaches 9999, the next sequence number is 0001.
v A “Local Name” for the source router, to assist in distinguishing between
messages from multiple sources. If you do not configure a local name, this field
is blank.
Syslog Facility and Level
Remotely-logged ELS messages are transmitted over the network in UDP packets
with the destination port number in the UDP header always equal to 514, the syslog
port. To receive and process the UDP packets, the
syslog daemon
(syslogd) must
be running in the remote workstation that is receiving and logging the ELS
messages. See “Remote Workstation Configuration” for details.
Although it is not displayed in the remotely-logged ELS message, every ELS
message sent on the network in a UDP packet must be assigned a
syslog_facility
and a
syslog_level
. The syslog daemon uses the combination of facility and level to
determine where to route the message. Typically, you want the ELS messages to
be written to one or more files in the remote host. Other options include displaying
the message on the console, sending the message to one or more users, or
sending the message to another workstation.
The commands you use to specify the
syslog_facility
and
syslog_level
values, along
with other remote-logging related console commands, are described in “ELS
Monitoring Commands” on page 188 and “ELS Configuration Commands” on
page 167 . Review these commands before reading through the next section.
Remote Workstation Configuration
The following configuration assumes that a single 2210 is remote-logging to a single
remote workstation. You can configure multiple 2210s to remote-log to the same
Date/Time IP address Sequence Number Local Name ELS Subsystem Name, &
assigned used for detecting assigned Formatted message
by the user missing messages by the user
Nov 20 12:13:47 5.1.1.1 Msg [0444] from ** IBM/2210 ** :els: ARP.011 Del ent ...
Figure 5. Syslog Message Description
Using ELS
Chapter 12. Using the Event Logging System (ELS) 155