System Logging Protocol (Syslog)

By default switch sends out syslog to syslog server with all severity levels.

Local syslog

All the messages are stored in the syslog file in /var/log. Users can view it by issuing the “sudo cat syslog” command.

This SONiC CLI command displays all the available log messages.

admin@sonic:~$ show logging

Please use the -f or -follow flag to follow the live logging.

admin@sonic:~$ show logging --follow

Remote syslog server

Netberg SONiC System Logging Protocol (Syslog)

Figure 1. Network topology

Prerequisite:

Check your network addresses and ensure connectivity between systems.

admin@sonic:~$ sudo config syslog add 192.168.0.1
Running command: systemctl reset-failed rsyslog-config rsyslog
Running command: systemctl restart rsyslog-config

Adjust the severity level for the remote syslog server

The syslog configuration file location is /usr/share/sonic/templates/rsyslog.conf.j2

ValueSeverityKeyword
0Emergencyemerg
1Alertalert
2Criticalcrit
3Errorerr
4Warningwarning
5Noticenotice
6Informationalinfo
7Debugdebug

Notice and below (levels 0 ~ 5)

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{ % for server in SYSLOG_SERVER % }
*.notice @{{ server }}:514;SONiCFileFormat
{ % endfor % }

Only error level (level 3).

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.=error @{{ server }}:514;SONiCFileFormat
{% endfor %}

All severity levels except warnings (levels 0 ~ 7 except 4).

admin@sonic:~$ sudo vi /usr/share/sonic/templates/rsyslog.conf.j2
{% for server in SYSLOG_SERVER %}
*.debug;*.!=warning @{{ server }}:514;SONiCFileFormat
{% endfor %}

Restart syslog service:

admin@sonic:~$ sudo systemctl restart rsyslog-config