Question


Description:
What functions are provided by the Syslog selection tab for the router?
Answer:
This Knowledge Base article describes the functions of the Syslog in a LANCOM router or access point.

Functions:
Syslog is a service that collects status messages from the network at a central location.
Syslog transfers the status messages as plain text, which is far more convenient than SNMP traps, for example, because SNMP offers only a small number of standardized traps and requires the delivery of a MIB (Management Information Base) in order for the device-related traps to be translated.
Furthermore, Syslog classifies messages according to priority and facility, which enables particular messages to be sent or suppressed.

The size of the syslog buffer depends on the available system memory (RAM) and the firmware version:

  • more than 32 MB RAM => 2048 syslog messages
  • more than 16 MB RAM => 1024 syslog messages
  • more than 4 MB RAM => 256 syslog messages
  • less than 4 MB RAM => 100 syslog messages
  • ca. 85 MB free RAM and a firmware as of version 10.12 = maximum of 23000 Syslog messages
    • Example: 1781VA with 256 MB RAM
  • At least 32 MB available RAM = maximum of 2048 Syslog messages
    • Example: 1721+ VPN with 32 MB RAM


Info

A router with 128 MB RAM (e.g. the 1781A) usually has less than 85 MB free RAM, thereby only supporting a maximum of 2048 Syslog messages.

E.g. a LANCOM 1721+ VPN has 32 MB RAM available and thus is able to store 2048 syslog messages.



Classifying Syslog messages:
Syslog messages are divided into various groups (facilities) and are sorted according to priority within a group.
The Syslog daemon or server (the recipient of Syslog messages) can be instructed to display messages of a certain priority for each group, i.e. all messages of the same or of a higher priority will be displayed.
An example of a well-known Syslog daemon is available at http://www.kiwisyslog.com/index.htm

Priorities:
Syslog defines eight priority levels. In LANCOM devices several levels are aggregated, so that there are only five priority levels.

| Priority in LANCOM devices | Description | Mapping to Syslog severity |
|---|---|---|
| Alert | This priority conveys all messages that the administrator should check immediately (e.g. a login error). | EMERGENCY, ALERT, CRITICAL |
| Error | This priority conveys all system error messages that interfere with normal operation (e.g. a connection error). | ERROR |
| Warning | This priority conveys error messages that don't interfere with normal operation (e.g. a connection doesn't use compression although it is configured). | WARNING |
| Information | This priority conveys all messages that are purely informative (e.g. accounting information). | NOTICE, INFORM |
| Debug | This is the lowest priority. Debug messages should never be conveyed. | DEBUG |



Facilities:

As mentioned above, Syslog messages are divided according to priority and message groups. These message groups are known as facilities and indicate at least the message source. Syslog defines the following facilities (LANCOM facilities in bold):

  • KERNEL: Operating system messages (e.g. boot messages)
  • USER: Freely definable message
  • MAIL: Messages from the mail system
  • DAEMON: Messages from a system daemon (driver)
  • AUTH: Login messages. The LANCOM uses this to report logins via PPP
  • SYSLOG: Messages from the system daemon (normally --- MARK ---)
  • LPR: Line Printer Subsystem messages
  • NEWS: News service messages
  • UUCP: UUCP service messages
  • CRON: Timer server service messages
  • AUTHPRIV: Private authentication system messages. The LANCOM uses this to report console logins (Telnet, SNMP, TFTP, http)
  • SYSTEM 0 – 4: Reserved
  • LOCAL 0 – 7: Not yet defined facilities. These are used to code LANCOM-specific facilities.


Syslog message structure:

Syslog messages are transmitted in plain text (ASCII). The classification by priority and facility is a decimal number in angle brackets placed as a prefix before the message. The Syslog daemon uses this number to decide how to handle the message. When the message is stored the number is removed so only the message remains.
To be able to identify where the message came from, the LANCOM adds the message source and the alarm level to the message as plain text. Thus a Syslog message appears as follows (note: in the PF field, source and level are not reduced):

    <PF>SOURCE_LEVEL: message

For example:

    <81>ADMIN_ALERT: Login from outband failed
    <149>ADMIN_INFO: Firmware upload started from 10.0.0.170 {ntserver} via TFTP
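
The following Python example is added here and is not LANCOM's code: it decodes the PF prefix of the two messages above as facility × 8 + severity (the standard syslog encoding) and maps the severity to the five LANCOM priorities from the table. The function names `parse_lancom_syslog` and `needs_attention` are assumptions chosen for illustration.

```python
import re

# Facility codes in the order the page lists them (standard syslog numbering).
FACILITIES = (["KERNEL", "USER", "MAIL", "DAEMON", "AUTH", "SYSLOG", "LPR",
               "NEWS", "UUCP", "CRON", "AUTHPRIV"]
              + [f"SYSTEM{i}" for i in range(5)]
              + [f"LOCAL{i}" for i in range(8)])
SEVERITIES = ["EMERGENCY", "ALERT", "CRITICAL", "ERROR",
              "WARNING", "NOTICE", "INFORM", "DEBUG"]
# Aggregation of the eight severities into the five LANCOM priorities.
LANCOM_PRIORITY = {0: "Alert", 1: "Alert", 2: "Alert", 3: "Error",
                   4: "Warning", 5: "Information", 6: "Information", 7: "Debug"}

# <PF>SOURCE_LEVEL: message
LINE_RE = re.compile(r"^<(\d{1,3})>(\w+)_([A-Za-z]+): (.*)$")


def parse_lancom_syslog(line):
    """Split '<PF>SOURCE_LEVEL: message' into its fields; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pf = int(m.group(1))
    facility, severity = divmod(pf, 8)  # PF = facility * 8 + severity
    if facility >= len(FACILITIES):
        return None  # PF above 191 is not a valid syslog priority value
    return {
        "facility": FACILITIES[facility],
        "severity": SEVERITIES[severity],
        "lancom_priority": LANCOM_PRIORITY[severity],
        "source": m.group(2),
        "level": m.group(3),
        "message": m.group(4),
    }


def needs_attention(line, threshold=3):
    """True for messages of severity ERROR or higher (numeric value <= threshold)."""
    parsed = parse_lancom_syslog(line)
    return parsed is not None and SEVERITIES.index(parsed["severity"]) <= threshold


if __name__ == "__main__":
    # The two sample messages from the page.
    for sample in ("<81>ADMIN_ALERT: Login from outband failed",
                   "<149>ADMIN_INFO: Firmware upload started from 10.0.0.170 {ntserver} via TFTP"):
        print(parse_lancom_syslog(sample))
```

The PF value is only present on the wire; a collector that strips it on storage has to apply this kind of filter at receive time.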