HPE Community
Comware Based
1753416 Members
7372 Online
108793 Solutions
New Discussion юеВ

HPE logs to Syslog confusion

 
stuart_d1
Advisor

тАО01-08-2018 04:12 AM

тАО01-08-2018 04:12 AM

HPE logs to Syslog confusion

I'm trying to get the logs from a bunch of HPE switches pushed out to our syslog server but I can't get them to work. For the record, the syslog server is up and working and receiving logs from Cisco switches and various firewalls.

The manual states the setup should be:

info-center loghost host-ip [ port port-number ] [ channel { channel-number | channel-name } | facility local-number ] *

 

So I've tried just:

info-center enable

info-center loghost my_syslog_IP

 

I've also tried variations adding channel 2 (and others for testing)

 

But nothing is output.

 

So a question (or 2), do I need to include channel and facility in the command? and if so what on earth is this "facility" as the manual isn't exactly enlightening?

 

It states:

"The value can be local0 to local7 and defaults to local7. Logging facility is mainly used to mark different logging sources, query and filer the logs of the corresponding log source."

but doesn't clarify what local0 to local7 mean.

 

0 Kudos
3 REPLIES 3
johnk3r
Respected Contributor

тАО01-08-2018 07:51 AM

тАО01-08-2018 07:51 AM

Re: HPE logs to Syslog confusion

Try the syntax below, if it works, you just edit with the necessary outputs:

info-center enable
info-center loghost 10.10.10.10 channel loghost facility local5

 

**************************************
ATP FLEXNETWORK V3 | ACSA
0 Kudos
stuart_d1
Advisor

тАО01-10-2018 12:25 AM

тАО01-10-2018 12:25 AM

Re: HPE logs to Syslog confusion

Thank you for the reply but that's pretty much what I have been entering.

However, it doesn't answer my queries as to what 'channel' and 'facilty' do or are for?

Secondly, you have  put local5 - what is that for?

Last, you've put 'loghost' in twice - is that correct?

0 Kudos
sdide
Respected Contributor

тАО01-11-2018 12:09 AM

тАО01-11-2018 12:09 AM

Re: HPE logs to Syslog confusion

Hi,

Facility is something you use to categorize your syslog messages on the syslog server. Facility is, combined with severity) part of the PRIVAL value of a syslog message. I recommend you take a look at:

https://tools.ietf.org/html/rfc5424

read through 6.2.1.

Channels is a comware 5 thing, i think. Logging in comware 5 is basically:

Source ---> Channel.

Channel ---> Logdestination

So channels is a virtualization layer between log-sources and log-destinations.

There is a channelsguide in every comware 5 "Network Management and Monitoring
Configuration Guide". As an example:

https://support.hpe.com/hpsc/doc/public/display?sp4ts.oid=5332909&docLocale=en_US&docId=emr_na-c03586724

Regards.

S├╕ren Dideriksen, Network Administrator
Region Midtjylland
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.