Syslog Documentation Examples

REMEMBER! If you have query logging enabled, if the box is busy then you can easily build up to the point where all logs only go back 1 hour and the support bundle is 3.3Gb.

Member offline log: Facily = User Server = monitor Level = ALERT or ERROR

• (ALERT) Type: controld, State: Red, Event: A controld failure has occurred.
• (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.
• (ALERT) Type: httpd, State: Red, Event: An Apache software failure has occurred.
• (ALERT) Type: NTP Synchronization, State: Green, Event: The NTP service resumed synchronization. state change from 16 to 15
• (ALERT) Type: NTP Synchronization, State: Red, Event: The NTP service is out of synchronization. state change from 15 to 16
• (ALERT) Type: Replication, State: Red, Event: Offline
• (ALERT) Type: SSH, State: Red, Event: An SSH daemon failure has occurred.
• (ALERT) Type: Threat Analytics, State: Red, Event: Threat Analytics Service is failed state change from 125 to 128
• (ERROR) Type: DNS, State: Yellow, Event: DNS is still running even though DNS Traffic Control is not functioning properly state change from 32 to 106
• (ERROR) Type: Cloud DNS Sync, State: Yellow, Event: Cloud DNS Sync Service is initializing. state change from 169 to 168
• (ERROR) Type: DFP, State: Yellow, Event: NIOS/DFP Service is stopped by user. Cloud/DFP is healthy. state change from 142 to 143
• (ERROR) Type: Replication, State: Yellow, Event: Synchronizing with grid

The audit log file has a maximum size of 100Mb. When the limit is reached, the file is wiped (or FIFO overwritten) and starts to fill up again. If rolling is enabled, then a backup of the file is taken before it is deleted. Up to nine rolled log files can be stored. e.g

• audit.log
• audit.log.1
• audit.log.2
• audit.log.3
• audit.log.4
• audit.log.5
• audit.log.6
• audit.log.7
• audit.log.8
• audit.log.9

Under Administration > Logs > SysLog, you can

• Export
• Download
• Print

Export can be a big file (e.g. I just tested it on a small lab NIOS box and it was 141Mb CSV file). It is uncompressed CSV of everything. However, if you apply a log filter, you will only get filtered results.

Download will give you a file called sysLog.tar.gz that contains a file called messages which is the raw syslog file.

Print will print a screen's worth of logs (about 8 pages).

Other options for getting logs

• Pulling a support bundle from GM, GUI or WAPI
• Pushing a support bundle from CLI
• Fileop function (via WAPI)

show log
show log syslog
show log audit
show log syslog follow
show log audit follow
show log syslog tail 5
show log audit tail 5

Stopping BIND

• Facility = daemon
• Level = INFO
• Server = named[3361284]
• Message = shutting down

• Facility = daemon
• Level = NOTICE
• Server = named[3361284]
• Message = exiting

• Facility = user
• Level = ALERT
• Server = monitor[1145192]
• Message = Type: DNS, State: Red, Event: A named daemon monitoring failure has occurred.

Starting BIND

• daemon NOTICE named[3391445] starting BIND 9.16.23-S1 (Supported Preview Version) <id:70b08b2>
• daemon NOTICE named[3391445] running on Linux x86_64 5.8.0-63-generic #71~20.04.1-Ubuntu SMP Thu Jul 15 17:46:08 UTC 2021
• daemon NOTICE named[3391445] adjusted limit on open files from 22000 to 1048576
• daemon INFO named[3391445] found 4 CPUs, using 4 worker threads
• daemon INFO named[3391445] using 4 UDP listeners per interface
• daemon INFO named[3391445] using up to 21000 sockets
• daemon INFO named[3391445] loading configuration from '/infoblox/var/named_conf/named.conf'
• daemon INFO named[3391445] looking for GeoIP2 databases in '/usr/share/GeoIP'
• daemon INFO named[3391445] using default UDP/IPv4 port range: [32768, 60999]
• daemon INFO named[3391445] listening on IPv4 interface lo, 127.0.0.1#53
• daemon INFO named[3391445] listening on IPv4 interface eth1, 192.168.1.53#53
• daemon INFO named[3391445] all zones loaded
• daemon INFO named[3391445] 3 zones from zone files
• daemon NOTICE named[3391445] running