Syslog Follow

Reference model:

• Switch model name:

- AS7726-32X

- AS7326-56X

- AS7816-64X

- AS5835-54X(T)

- AS4630-54PE

- AS9716-32D

- AS8000(Minipack)

- Wedge100BF-32X

• Edgecore SONiC version: 

- Edgecore-SONiC_20201123_130028_ec202006_74

- Edgecore-SONiC_20201229_070315_ec202006_101

- Edgecore-SONiC_20201229_070315_ec202006_bfn_65(Wedge100BF-32X)

Restriction:

1. There is no SONiC command for system log

Example : Syslog

Note:

This command displays all the currently stored log messages. All the latest processes and corresponding transactions are stored in the "syslog" file. This file is saved in the path /var/log and can be viewed by giving the command sudo cat syslog as this requires root login.

admin@sonic:~$ show logging

Optionally, you can follow the log live as entries are written to it by specifying the -f or --follow flag

admin@sonic:~$ show logging --follow

Example: remote syslog server

Reference model:

• Switch model name: AS7816-64X
• Edgecore SONiC version: SONiC.Edgecore-SONiC_20200116_051623_ec201904_128

Restriction:

1. There's no SONiC command for remote syslog server.

Procedure :

Step 1. Edit /etc/sonic/config_db.json instead of SONiC command.

Add syslog server and its IP address.

admin@sonic:/etc/sonic$ sudo vi config_db.json
{

    ...
    "SYSLOG_SERVER": {
        "192.168.1.3": {}
    },
    ...
}

Step 2. config reload or power cycle the switch

admin@sonic:~$ sudo config reload -y

Caution:

• Make sure switch IP address and connectivity works well. (refer to Management IP address)

Result: Switch sends syslog traps (all severity levels) to syslog server.

Example: Adjust severity level for remote syslog server

Restriction:

1. There's no SONiC command

Default setting: all severity levels 

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
omitted...

#Set remote syslog server
{% for server in SYSLOG_SERVER %}
*.* @{{ server }}:514;SONiCFileFormat
{% endfor %}

omitted...

Step 1. Edit the file /usr/share/sonic/templates/rsyslog.conf.j2

Warning and below. (Level 0 ~ 4)

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2 
{ % for server in SYSLOG_SERVER % }    
*.warning @{{ server }}:514;SONiCFileFormat
{ % endfor % }

Only warning level. (Only Level 4)

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.=warning @{{ server }}:514;SONiCFileFormat
{% endfor %}

All severity levels except warning. (Level 0 ~ 7 except Level 4)

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.debug;*.!=warning @{{ server }}:514;SONiCFileFormat
{% endfor %}

Note: 

Here's the Severity level by the standard.

Step 2:  Restart syslog service

admin@sonic:~$ sudo systemctl restart rsyslog-config