System Log (Syslog) is an RFC 3164 compliant protocol. The syslog protocol provides a transport to allow a machine to send event notification messages across IP networks to event message collectors (aka syslog servers). A Syslog message is any IP packet sent via Syslog protocol using UDP port 514 (by default). These messages are generated instantly as and when an event (e.g. Interface UP/DOWN, login/logout, save and restore config, max temperature threshold) occurs during the device’s operation.
The full format of a Syslog message seen on the wire has three discernable parts. The first part is called the PRI, the second part is the header, and the third part is the MSG. The total length of the packet must be 1024 bytes or less. RAPTOR ensures that each syslog message do not exceed 1024 bytes.
In its first PRI part, every syslog message contains a Priority value which represents both the Facility and Severity. The HEADER consists of VERSION, TIMESTAMP, HOSTNAME (or IPv4 or IPv6 address), APP-NAME, PROCID, and MSGID. The TIMESTAMP field is the local time and is in the format of "Mmm dd hh:mm:ss" (without the quote marks) value in “mmm dd hh:mm:ss” format.
The device allows an administrator to direct the log messages to local storage (RAM/Flash) or to remote Syslog server which runs in any Linux/Windows machine. In case of remote logging, RAPTOR uses IP-based communication to log message to remote server. Syslog client in RAPTOR can also send the same message to different collector if configured by the administrator. One of the fundamental tenets of the syslog protocol and process is its simplicity. The transmission of syslog messages may be started on a device without a receiver being configured, or even actually physically present. This simplicity has greatly aided the acceptance and deployment of syslog.
Each message Priority has a decimal Severity level indicator between 0 – 7. The lower the value, the higher the priority. RAPTOR’s Software is provisioned with more than 1500 SYSLOG messages covering errors, alerts, and major events. Table 1 shows the list of all severity levels along with their numerical values.
| Value | Severity | Keyword | Description | Condition |
|---|---|---|---|---|
| 0 | Emergency | emerg | System is unusable | A panic condition |
| 1 | Alert | alert | Action must be taken immediately | A condition that should be corrected immediately, such as corrupted system database. |
| 2 | Critical | crit | Critical conditions | Hard device errors. |
| 3 | Error | err | Error conditions | Specified any error condition happened in the system operation. |
| 4 | Warning | warning | Warning conditions | Specified any abnormalities happening in the system operation. |
| 5 | Notice | notice | Normal but significant conditions | Conditions that are not error conditions, but that may require special handling. |
| 6 | Informational | info | Informational messages | Information to users. |
| 7 | Debug | debug | Debug-level messages | Messages that contain information normally of use only when debugging a program. |
Each syslog message includes a priority value in the beginning of the text message. The priority value ranges between 0 to 191 and it made up of facility and severity values. The priority is enclosed with in “<>” delimiters. The formula for calculating the priority value is:
Priority Value = Facility Level Numerical Value + Severity Value
For example, for a local4 message (Facility level value 160) with a Severity of Notice (Severity=5), the Priority would have a Priority value of 165.
Facility code is used to specify the type of program logging the message. Messages with different facilities can be handled differently. This term comes into picture when we start using remote logging mechanism. There are total of 8 facility levels ranging between local0 and local7. Each facility level has a value assigned to it—local0 (128), local1 (136), local2 (144), local3(152), local4(160), local5(168), local6(176), and local7 (184). Raptor is configured with default facility level (local0) and all messages are sent with this facility level unless configured to use different facility level. The idea of the facility level configuration is to differentiate and filter logs.
<165>1 2003-08-24T05:14:15.000003-07:00 192.0.2.1 su 8710 ID47 BOM 'su root' failed for lonvick on /dev/pts/8This example of valid syslog messages is based on section 6.5 Examples of RFC 5425.
Shown below is the list of factory default values configured after a clean start.
There are two types of local logging mechanisms. Mechanism 1 is stored in RAM and 2 is stored in Flash memory.
In this mechanism, the Syslog messages are stored in RAM. Syslog client in Raptor can store 200 messages (default) at a time which can be configured to maximum of 4096 messages. Once the maximum level is reached, it rolls on i.e. the latest messages will be displayed and the oldest messages will be erased.
There is a rule in local logging mechanism as per which all levels below the configured reference severity level are automatically logged. For example, if critical is the default level with priority value of 2, the levels below are alert with a value of 1 and emergency (level 0). Both below levels are automatically logged. Therefore, there will be no need for configuration needed if the administrator needs to log only critical and levels below messages. If we had configured the logging severity as debugging whose value is 7 (the maximum), in that case, all severity levels (7-0) would have been logged automatically
| Command Syntax | Description |
|---|---|
| logging local buffered 4096 | Configures maximum storage capability to 4096. Default value is 200. |
| logging severity debugging | Sets the reference severity level to debugging. Default value is “Critical”. |
| syslog localstorage | Enables the syslog local storage capability. This command is enabledwith the help of init script during Raptor boot up. |
| no logging severity | This will revert back the reference severity level back to default, which is Critical severity level. |
| no logging buffered | This will reset the buffer level back to default value 200. |
| no syslog localstorage | |
| show logging | Displays the syslog messages stored in RAM. |
| clear logs | Deletes all the captured syslog messages in RAM |
From the above shown CLI commands, the logging severity level is configured as debugging, and hence the priority value below 7 (emergency/alert/critical/error/warning/notice/info/debug) is automatically logged in RAM.
The “show logging” command lists all captured syslog messages in RAM. It displays the latest collected logs and deletes the oldest messages. The buffer size is set to max 4096 and the facility level configured is local0 (see below).
System Log Information----------------------Syslog logging : enabled(Number of messages 127)Console logging : disabled(Number of messages 0)TimeStamp option : enabledSeverity logging : CriticalFacility : local1Buffered size : 4096 EntriesThis second local logging method is storing syslog messages in flash memory. We can set a file name of user choice in a flash and redirect all syslog messages to the created file. First, we create a file name and next associate the messages (based on severity) to the log file.
Each created file can accommodate 4 MB of data. Once the 4 MB data quota is reached, the log messages will be moved to the same file name with a .bk extension and a new file will be created (with the same name) in which the live logging will continue. This process is a repeating cycle, as each time 4 MB of data is reached, the old logs are moved to a .bk file and the live logging takes place in a new file. So, the flash consumption is restricted to max of 8MB (4 MB for. bk file which has the old log messages and 4 MB where the current live logging takes place).
There is CLI command to set the flash file size and its threshold limit at run time. This option helps user to maximize the file storage size from default 4 MB up to 10 MB. The CLI configuration is:
| Command Syntax | Description |
|---|---|
| logging filesize <integer 1-10> | Sets logging Flash file size between 1 – 10 MB. Default is 1 MB |
| logsize-threshold <integer (1-99)> | This command sets the threshold limit of the logging file size as well as the flash usage. It serves two purposes. |
A maximum of 3 files can be created. The CLI commands for configuring the files are shown in the table below.
| Command Syntax | Description |
|---|---|
| syslog filename-one my_syslog | A flash file with a name my_syslog is created. |
| syslog filename-two two | A flash file with a name two is created. |
| syslog filename-three three | A flash file with a name three is created. |
The original command provided was as shown in Table 6. In the original command, the user had to provide the priority value between 0-191. It is a bit tedious process to choose the value as the user had to do some calculation of the priority based on the numerical values of facility and severity level of the syslog message that needs to be logged on.
Therefore, the command had been simplified as shown in Table 6. The user does not need to provide the hard coded value but rather just specify the severity of the message that needs to be logged into the file.
| Command Syntax | Description |
|---|---|
| logging-file <short (0-191)> <string (32)> | 0-191 is the priority value that user should provide and the string is the file name. |
| Command Syntax | Description |
|---|---|
| logging local {buffered [<short (1-4096)>]| flash {{{alerts | critical | debugging |emergencies | errors | informational|notification | warnings} file <string(32)>} | size <integer (1-10)> }} | Simplified command which logs based on severity level specified by user. At backend, we calculate the associated priority. |
| logging local flash debugging file one | Redirects debugging severity to flash file “one” |
| logging local flash critical file two | Redirects critical severity to flash file “two” |
| logging local flash alert file three | Redirects alert severity to flash file “three” |
| no logging local flash debugging file one | Unconfigures the local flash logging for debugging severity for flash file “one” |
| no logging local flash critical file two | Unconfigures the local flash logging for criticalseverity for file named “two”. |
| no logging local flash alert file three | Unconfigures the local flash logging for alertseverity for file name “three”. |
All Syslog and other log files (fsir.log.xxx & audit log) are created and stored under /mnt/log flash folder. The capacity of the log folder is 118 MB. To prevent the flash log folder getting fully occupied, a restriction mechanism had been devised.
When the usage of this folder reaches the threshold, in the console prompt, a warning message such as the one shown below is generated for the user. The warning will appear every time when there is an attempt for a syslog message to be logged in a flash file and until space in the flash file is freed.
Warning: Syslog flash storage crossed its threshold limit. Do you want to erase logs (Y/N) [N]?If an user presses Yes, all log files in the flash log directory will be deleted.
If an user selects No or just presses Enter (i.e. the default option which is No is activated), the console prompt is returned to normal operation. The administrator can later transfer the log messages from the flash directory to an external Windows / Linux machine and erase the logs to save space. The CLI configuration commands to do the same are outlined in Table 7.
| Command Syntax | Description |
|---|---|
| copy flash log threetftp://192.168.10.66/three | Copies flash file “three” to remote machine |
| copy flash log threetftp://192.168.10.66/syslog | The source file and the destination file don’t need to be same. |
| erase flash log three | This CLI command deletes the specific log file in flash named “three” |
When the flash is occupied to its maximum capacity of 118 MB, a second level of restriction mechanism is activated, and an error message as captured below is generated. The user will be prevented from creating new file.
iS5Comm <config># syslog filename-two <string(32)>ERROR: Flash space exhausted. Please delete log files and then try againiS5Comm <config>#There will be a new CLI command added for copying the Syslog file from internal flash to external USB flash drive. The command is outlines in the table below.
| Command Syntax | Description |
|---|---|
| copy flash log three usb three | Copies internal flash (source) file named “three” to USB drive with destination name as given by the user. |
| copy flash log three usb syslog | The source file and destination file don’t need to be same. |
| Command Syntax | Description |
|---|---|
| show flash logs | This command is executed in global execution mode which lists the flash contents. |
iS5Comm <config># logging severity debuggingiS5Comm <config># syslog filename-one one iS5Comm <config># syslog filename-two twoiS5Comm <config># syslog filename-three threeiS5Comm <config># logging local flash debugging file oneiS5Comm <config># logging local flash alert file twoiS5Comm <config># logging local flash critical file three iS5Comm <config># endAs per the example configuration shown above, the above set of configurations creates flash file named “one”, “two”, and “three” in the flash directory /mnt/log/ and the debugging severity messages are directed to file “one”, alert severity messages are directed to “two”, and critical severity messages are directed to “three”.
For instance, if file “one” has reached its quota 4 MB, the log messages in file “one” is backed up in a new file named “one.bk” and the newly generated messages are still logged to file “one” as a new file. This cycle is repeated every time 4 MB is reached.
The remote logging is transferring the Syslog messages to syslog remote server running in any Windows/Linux machine. These messages are transferred instantly when an event (e.g. Link up/down, attaining max temperature threshold) occurs in RAPTOR via a UDP socket. These messages can be filtered based on the severity & facility level.
For the remote logging to take place, first we need to set the reference severity, and then configure which severity to be logged to the remote syslog server. The default logging severity is Critical (3). So, when an event occurs the SYSLOG client application first check if the severity level of the message is less that or equal to reference severity level, and second, it checks if there is any remote server configured for that severity. Only if both conditions are satisfied, the log will be transferred to the remote server.
The original CLI command for logging the message to remote server is shown in Table 10. In a similar manner as the logging-file CLI command, this command also requires a user to specify the priority value between 0-191. loggingfile CLI command had been replaced with a CLI commands for remote logging which uses severity levels instead of priority levels. The new CLI commands for remote logging are displayed in Table 11.
| Command Syntax | Description |
|---|---|
| logging-server <short (0-191)> {ipv4<ucast_addr> |ipv6 <ip6_addr>|<dns_host_name>} [ port <integer (1- 65535)>] | 0-191 is the priority value that Raptor requiresthe user to configure. |
| Command Syntax | Description |
|---|---|
| logging remote {alerts | critical | debugging| emergencies | errors | informational |notification | warnings} {ipv4 <ucast_addr> |ipv6 <ip6_addr> | <dns_host_name>} [ port<integer (1-65535)>] [{udp | tcp | beep}] | Simplified command for setting the remote logging severity based on the severity rather than priority. At backend we calculate theassociated priority. |
| logging remote alerts ipv4 < syslog-server IPaddress> | Logs alert level messages |
| logging remote critical ipv4 < syslog-serverIP address> | Logs critical level messages |
| logging remote debugging ipv4 < syslog-serverIP address> | Logs debugging level messages |
| logging remote emergencies ipv4 < syslogserver IP address> | Logs emergency level messages |
| logging remote errors ipv4 <syslog-server IPaddress> | Logs error level messages |
| logging remote informational ipv4 <syslogserver IP address> | Logs informational level messages |
| logging remote notification ipv4 <syslogserver IP address> | Logs notification level messages |
| logging remote warnings ipv4 <syslog-server IP address> | Logs warning level messages |
| no logging remote alerts ipv4 <syslog-server IP address> | Unconfigures the remote logging server for alerts severity level. |
| no logging remote critical ipv4 <syslog-server IP address> | Unconfigures the remote logging server for critical severity level |
We can have maximum of seven different syslog server IP address configurations, and ideally each severity level (total 0 - 7) can be logged to eight different servers.
There are eight facility levels in total which can be configured. The purpose of these commands is to differentiate and filter syslog messages in the external syslog severs. The default facility is Local0.
| Command Syntax | Description |
|---|---|
| logging severity debugging | Sets the reference severity level |
| logging facility local1 | Sets the logging facility aslocal1 |
| logging remote critical ipv4 < syslog-serverIP address> | Logs critical level messages |
| logging remote debugging ipv4 < syslog-serverIP address> | Logs debugging level messages |
| logging remote emergencies ipv4 < syslogserver IP address> | Logs emergency level messages |
iS5Comm <config># logging severity debuggingiS5Comm <config># logging remote debugging ipv4 192.168.10.67iS5Comm <config># remote critical ipv4 192.168.10.68iS5Comm <config># endThe above set of configurations logs debugging severity messages under facility level local1. Facility level is a onetime configuration. Once it is set, all message generation will follow the same facility level, i.e. severity cannot be set to different facility level.
iS5Comm <config># logging severity debuggingiS5Comm <config># logging facility local1iS5Comm <config># logging remote debugging ipv4 192.168.10.67iS5Comm <config># endThe above set of configurations logs debugging severity messages under facility level local1. Facility level is a onetime configuration, and once it is set, all message generation will follow the same facility level, i.e. severity cannot be set with different facility level.
What follows is a list of the Syslogs supported by the device.
| Module | Syslog Message | Severity Level |
|---|---|---|
| STP-RSTP | Total number of ports in switch exceeds 4094,STP can run only on ports upto 4094. Hence this port will not be participating in the spanning tree | Alert |
| STP-RSTP | Setting of port state failed in hardware | Alert |
| VLAN | SBP oper Status is [UP / Down] for SCID-SVID (<port no> - <port no>) on the UAP port | Informational |
| VLAN | Not owned context exists: vlan_curr_context_thread | Critical |
| VLAN | Context owned by vlan_curr_context_thread not owned by current thread | Critical |
| VLAN | VLAN: Source relearning has Occurred for Mac Address from one port to another port | Informational |
| VLAN | Failed to program MAC address during creation/deletion/updating the unicast entry from the peer node | Error |
| VLAN | MAC learning limit has reached for VLAN ID | Error |
| Link Aggregation | LaEnqueueControlFrame: Ctrl Mesg ALLOC_MEM_BLOCK FAILED | Critical |
| Link Aggregation | Reason for Recovery is Threadhold Exceed for Port | Critical |
| Link Aggregation | Reason for Recovery is Port Defaulted for Port | Critical |
| Link Aggregation | Reason for Recovery is H/w Failure for Port | Critical |
| Link Aggregation | Recovery trigger for Port has exceeded the threshold.Performing admin down action | Critical |
| Link Aggregation | Recovery trigger for Port has exceeded the threshold.Performing no action | Critical |
| Link Aggregation | LaCreatePort: Intf Mesg ALLOC_MEM_BLOCK FAILED | Critical |
| Link Aggregation | LaMapPort: Intf Mesg ALLOC_MEM_BLOCK FAILED | Critical |
| Link Aggregation | LaDeletePort: Intf Mesg ALLOC_MEM_BLOCK FAILED | Critical |
| Link Aggregation | LaUnmapPort: Intf Mesg ALLOC_MEM_BLOCK FAILED | Critical |
| Link Aggregation | LaUpdatePortStatus: Intf Mesg ALLOC_MEM_BLOCK FAILED | Critical |
| Link Aggregation | LaAsyncNpUpdateStatus:Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| Link Aggregation | Reason for Error Recovery timer Start is Threadhold Exceed for Port | Critical |
| Link Aggregation | Reason for Error Recovery timer Start is Port Defaulted for Port | Critical |
| Link Aggregation | Reason for Error Recovery timer Start is H/w Failure for Port | Critical |
| Link Aggregation | [NP-FAULT - LA] operation has failed | Critical |
| Link Aggregation | LaEnqueueControlFrame: Ctrl Mesg ALLOC_MEM_BLOCK FAILED | Critical |
| PNAC | Allocate mem block for Pnac Configuration Message failed | Critical |
| PNAC | Allocate mem block for Pnac Interface Message failed | Critical |
| PNAC | PAE: PnacSetPnacPortAuthMode Allocate mem block for Pnac Interface Message failed | Critical |
| PNAC | PAE: PnacSetPnacPortAuthControl Allocate mem block for Pnac Interface Message failed | Critical |
| PNAC | Memory Allocation for PnacCallBackEvent Message failed | Critical |
| PNAC | Allocate mem block for Pnac Interface Message failed | Critical |
| PNAC | [NP-FAULT] errors | Alert |
| WEBNM | Firmware upgrade successful | Notice |
| WEBNM | WEBNM: Improper realm in HTTP Digest Authentication scheme | Alert |
| WEBNM | WEBNM: HTTPS session established successfully from <IP address> | Informational |
| WEBNM | WEBNM: User is blocked, Login Not Allowed | Alert |
| WEBNM | WEBNM: The RequestDigest sent by the client is INVALID | Alert |
| WEBNM | WEBNM: Attempt to block the user failed | Alert |
| WEBNM | WEBNM: Attempt to login with wrong credentials | Alert |
| WEBNM | WEBNM: User requires password change, redirecting. | Alert |
| WEBNM | WEBNM: Successfully logged as User | Alert |
| WEBNM | WEBNM: User successfuly logged out | Informational |
| WEBNM | WEBNM: Attempt to Login with Wrong Password | Alert |
| WEBNM | WEBNM: Session logout Idle timer expired for web | Alert |
| DHCP_SRV | Pool utilization exceeded threshold level | Alert |
| SNTP | Displaying info of old time, new time, server IP address | Informational |
| SNTP | No Server Found. Stopping further requests… | Informational |
| SNTP | Server is not responding. Stopping further requests to this server... | Informational |
| SNTP | primary server is not responding | Informational |
| SNTP | secondary server is not responding | Informational |
| SNTP | Unable to reach Primary and Secondary Server | Informational |
| SNTP | Displaying info of old time, new time, server IP address | Informational |
| LLDP | LldpVlndbNotifyVlnInfoChgForPort Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpVlndbNotifyVlanInfoChg Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyIfCreate: Port <port no>: Intf creation Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyIfMap: Port <port no> : Intf mapping Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyIfDelete: Port <port no> : Intf Deletion Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyIfUnMap: Port<port no> : Intf Unmapping Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyIfAlias: Port <port no> : Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyAgentCircuitId: Port <port no> : Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyIfOperStatusChg: Port <port no> : Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiEnqIncomingFrame: Port <port no> : MemAlloc Failed for RxPduQPoolId | Critical |
| LLDP | LLDPNotifyPortVlanId: Port <port no> : Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyProtoVlanStatus: Port <port no> : Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyProtoVlanId: Port <port no> : Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyPortAggCapability: Port <port no> : Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyResetAggCapability Intf Msg ALLOC_MEM_BLOCK FAILED" | Critical |
| LLDP | LldpApiNotifyAggStatus: Port <port no> : Intf Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifySysName : Mem Allocation Failed for QMsgPoolId while Notifying System Name change | Critical |
| LLDP | LldpApiNotifySysDesc : Mem Allocation Failed for QMsgPoolId while Notifying System Desc change | Critical |
| LLDP | LldpApiNotifyIpv6IfStatusChange : Failed to allocate memory for the QMsgPoolId | Critical |
| LLDP | "LldpApiApplPortReg: Port <port no> : Appln Reg. Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiApplPortReg: Port <port no> : Appln TLV Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiSetDstMac: Port <port no> : Appln Reg Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | LldpApiNotifyPortDesc : Mem Allocation Failed for QMsgPoolId while Notifying Port Desc change | Critical |
| LLDP | LldpApiNotifyIfCreate: Port <port no> : Intf creation Msg ALLOC_MEM_BLOCK FAILED | Critical |
| LLDP | Mempool Allocation Failure for New RemManAddr Node | Critical |
| LLDP | LldpTlvUpdtUnrecogOrgDefTlv : Mempool Allocation Failure for New Unrecog Org Spec TLV Node - But returning SUCCESS as it is not required to store application TLVS in LLDP" | Critical |
| LLDP | Mempool Allocation Failure for New RemUnknownTlv Node | Critical |
| LLDP | LldpIfCreate: Alloc mem block for port FAILED | Critical |
| LLDP | LldpIfCreate: Alloc mem block for lldp agent mapping FAILED | Critical |
| LLDP | LldpIfCreate: RBTree add for lldp agent mapping FAILED | Critical |
| LLDP | LldpIfCreate: Alloc mem block FAILED | Critical |
| LLDP | LldpTxUtlAddIpv4Addr : Failed to allocate memory for Local ManAddr Node | Critical |
| LLDP | (LldpTxUtlAddIpv6Addr) - Failed to allocate memory for Local ManAddr Node | Critical |
| LLDP | LldpTxUtlAddProtoVlanEntry: Memory allocation failed!! | Critical |
| LLDP | LldpDot3TlvUpdtOrgSpecTlv: Mempool Allocation Failure for New RemManAddr Node | Critical |
| LLDP | LldpDot1TlvUpdtProtoVlanIdTlv; Mempool Allocation Failure for New Protocol Vlan Node | Critical |
| LLDP | LldpDot1TlvUpdtVlanNameTlv: Mempool Allocation Failure for New Vlan Name Node | Critical |
| LLDP | LldpDot3TlvUpdtOrgSpecTlv: Mempool Allocation Failure for New RemManAddr Node | Critical |
| PTP1588 | No change in profile | Informational |
| PTP1588 | PTP Profile change failed (Domain switch to <domain no> failed) | Error |
| PTP1588 | PTP Profile changed to <profile name> | Informational |
| PTP1588 | printing error | Error |
| OSPF | Max LSA limit reached for size | Critical |
| OSPF | LSA Alloc Failure | Critical |
| OSPF | DDP Processing Stopped Due To LRQ Alloc Failure | Critical |
| VRRP | Error Observed for VrId <vr id > Address Type <type> with reason | Error |
| VRRP | Not Master for VRID %d Address Type | Notice |
| VRRP | Track IP address <ip addr> is DOWN | Informational |
| VRRP | Track IP address <IP addr> is UP/Restored | Informational |
| VRRP | Entering VrrpRedInitGlobalInfo | Informational |
| IGMP | Summarised GroupList Record already exists | Error |
| IGMP | Entering IgmpMatchGroupList | Informational |
| IGMP | Exiting IgmpMatchGroupList | Informational |
| IGMP | Entering IgmpCheckForLimit | Informational |
| IGMP | Membership report for group <address> is ignored as Global Limit Reached | Error |
| IGMP | Membership report for group <address> is ignored as Interface Limit Reached | Error |
| IGMP | Exiting IgmpCheckForLimit | Informational |
| IGMP | Entering IgmpMgmtUtilNmhTestv2FsIgmpInterfaceGroupListId | Informational |
| IGMP | Interfacenode not exist with ifindex | Error |
| IGMP | Exiting IgmpMgmtUtilNmhTestv2FsIgmpInterfaceGroupListId | Informational |
| IGMP | Limit should be less than <value> | Error |
| IGMP | Group List Id should not be zero | Error |
| IGMP | Group List IP is not in multicast range | Error |
| IGMP | Inconistent maks is not in multicast range | Error |
| IGMP | Entry exists | Error |
| IGMP | Summarised GroupList Record already exists | Error |
| IGMP | No entry exists with <grplistID>,<grpIP>,<PrefixLen> | Error |
| IGMP | Limit should be less than MAX_IGMP_MCAST_GRPS | Error |
| IGMP | Igmp not enabled globally | Error |
| IGMP | IGMP SSM Mapping should be globally enabled | Error |
| IGMP | Invalid IGMP SSM Mapping Start Group address | Error |
| IGMP | Invalid IGMP SSM Mapping End Group address | Error |
| IGMP | Invalid IGMP SSM Mapping Source address | Error |
| IGMP | Starting multicast group range is greater than ending multicast group range | Error |
| IGMP | IGMP SSM Mapping for the given range of group address is a superset of already configured range | Error |
| IGMP | IGMP SSM Mapping for the given range of group address to the source address already exists | Error |
| IGMP | IGMP SSM Mapping Source-List is full for the given range of group address | Error |
| IGMP | IGMP SSM Mapping for the given range of group address overlaps with already configured range | Error |
| IGMP | IGMP SSM Mapping for the given range of group address to the source address does not exist | Error |
| Watchdog | Reading status of <taskname> as NOT ACTIVE | Alert |
| Watchdog | Generating core dump | Alert |
| Watchdog | Timer expired but associted registered task does NOT exists | Alert |
| Snooping | Memory allocation for group entry failed | Critical |
| Snooping | [NP-FAULT] | Alert |
| Snooping | Memory alloc for ASM Host entry failed | Critical |
| Snooping | Memory allocation for port entry for group failed | Critical |
| Snooping | Memory alloc for Host entry for group failed | Critical |
| Snooping | Memory allocation for SSM host source bitmap failed | Critical |
| Snooping | Memory allocation for SSM port entry for group failed | Critical |
| Snooping | Memory allocation for SSM port source bitmap failed | Critical |
| Snooping | Memory allocation for Host entry for group failed | Critical |
| Snooping | Memory allocation for SSM host source bitmap failed | Critical |
| Snooping | Memory allocation for consolidated group entry failed | Critical |
| Opensource/SSH | Failed to Establish Connection with client,max session exceeded | Alert |
| Opensource/SSH | Bad protocol version identification | Alert |
| Opensource/SSH | SSL ssl23_read_bytes: No data or Invalid data/port from <IP> | Alert |
| CFA2 | CFA updated status to watchdog as ACTIVE Failed | Alert |
| CFA2 | <intf> Link Status [DOWN/UP] | Alert |
| CFA2 | IP Address change in Default vlan interface | Notice |
| System | Physical Index Validation Failed | Critical |
| System | Physical Contained In Get Operation Failed | Critical |
| System | Physical Class Get Operation Failed | Critical |
| System | Physical Parent Relative Position Get Operation Failed | Critical |
| System | Physical Name Get Operation Failed | Critical |
| System | Physical Hardware Revision Get Operation Failed | Critical |
| System | Physical Firmware Revision Get Operation Failed | Critical |
| System | Physical Software Revision Get Operation Failed | Critical |
| System | Physical Serial Number Get Operation Failed | Critical |
| System | Physical component Manufacturer's Name Get Operation Failed | Critical |
| System | Physical component's Model Name Get Operation Failed | Critical |
| System | Physical component's Alias Name Get Operation Failed | Critical |
| System | Physical component's Asset Id Get Operation Failed | Critical |
| System | Physical component's FRU status Get Operation Failed | Critical |
| System | Physical component's Mfg Date Get Operation Failed | Critical |
| System | Physical component's Uris Name Get Operation Failed | Critical |
| System | Physical component's Serial Num Set Operation Failed | Critical |
| System | Physical component's Serial Number Set Operation Failed | Critical |
| System | Physical component's Alias Name Set Operation Failed | Critical |
| System | Physical component's Asset Id Set Operation Failed | Critical |
| System | Physical component's Uris Id Set Operation Failed | Critical |
| System | Logical Index Validation Failed | Critical |
| System | Logical Component's Community Get Operation Failed | Critical |
| System | Logical Component's Context Name Get Operation Failed | Critical |
| System | Logical Component's Context Name Get Operation Failed | Critical |
| System | LP Mapping Validation Failed | Critical |
| System | Alias Mapping Validation Failed | Critical |
| System | Physical Contains Table validation Failed | Critical |
| System | Firmware upgrade successful .. | Notice |
| System | Saved configuration to USB successfully! | Informational |
| System | Firmware switch partition cancelled..! | Debug |
| System | Firmware switch partition successful | Notice |
| System | Factory reset cancelled. | Debug |
| System | Factory reset initiated.. | Debug |
| System | Factory reset Failed. | Debug |
| System | Factory reset users cancelled. | Debug |
| System | Factory reset users initiated. | Debug |
| System | Factory reset users Failed. | Debug |
| System | Reload operation cancelled | Debug |
| System | Saved configuration to FLASH successfully | Informational |
| System | Saved configuration to remote(TFTP) successfully | Informational |
| System | Saved configuration to remote(SFTP) successfully! | Informational |
| System | Firmware upgrade successful | Notice |
| CLI | Attempt to login as <user details> via telnet from <IP> Succeeded | Alert |
| CLI | Attempt to login as <user name> via console Succeeded | Alert |
| CLI | User <username> logged in via <CLI_mode> | Informational |
| CLI | User <user name> <IP> <cli_mode>logged out from | Informational |
| CLI | User <user name> <IP> <cli_mode> forcefully logged out from | Informational |
| CLI | Password expired for user <username> | Alert |
| CLI | Password credentials updated successfully for User <username> | Alert |
| CLI | Password must be reset for user <user name> | Alert |
| CLI | Attempt to login as <username > via telnet <IP> | Alert |
| CLI | Attempt to login as <username > via SSH <IP> | Alert |
| CLI | Attempt to block the user <username> failed | Alert |
| CLI | Login failed : Login incorrect <username> via <CLI_mode> <IP> | Informational |
| FSAP2 | Displaying ISS status | Critical |
| FSAP2 | Displaying error reason | Critical |
| FSAP2 | Displaying MempoolErr ID | Critical |
| FSAP2 | Displaying MempoolErr ID owner | Critical |
| TCP | No MD5 digest from <srcAddr,port> to <DstAddr,port> | Informational |
| TCP | Bad MD5 digest from <srcAddr,port> to <DstAddr,port> | Informational |
| TCP | Multiple TCP-AO option in one segment from <srcAddr,port> to <DstAddr,port> | Informational |
| TCP | TCP-AO & TCP MD5 option in one segment from <srcAddr,port> to <DstAddr,port> | Informational |
| TCP | TCP-AO MAC from <srcAddr,port> to <DstAddr,port> No MKT Match Discard Packet | Informational |
| TCP | TCP-AO not expected but found, silent accept from <srcAddr,port> to <DstAddr,port> | Informational |
| TCP | No TCP-AO MAC from <srcAddr,port> to <DstAddr,port> | Informational |
| TCP | TCP-AO MAC MKT mismatch from <srcAddr,port> to <DstAddr,port> | Informational |
| TCP | Bad TCP-AO MAC from <srcAddr,port> to <DstAddr,port> | Informational |
| TCP | Connection attempt to closed/non-active TCP port. Possible Replay attack. <srcAddr,port> to <DstAddr,port> | Warning |
| TCP | Invalid segment of data received Possible Replay attack. <srcAddr,port> to <DstAddr,port> | Warning |