XML-Formatted Log Messages

Problem

You wish to send your syslog messages in XML format.

Solution

To enable XML-formatted syslog messages, use the following commands:

Router2# configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#logging console xml
Router2(config)#logging monitor xml
Router2(config)#logging buffered xml
Router2(config)#logging host 172.25.1.1 xml
Router2(config)#end
Router2#

 

Discussion

Beginning with IOS Version 12.2(15)T, Cisco introduced Extensible Markup Language (XML) formatted logging of system events and errors. XML provides a method of standardizing and consistently formatting messages, which can easily be utilized by third-party applications to extract data. When XML logging is enabled, system log messages are tagged using a standardized format. Detailed information regarding the message tagging is contained in Table 18-4.

XML tagging can be enabled on all logging facilities, including console, monitor, buffer, or remote syslog servers. However, XML tagged system messages are not as easily read or understood by humans, which means XML tagged messages are most likely sent to a remote syslog server for processing. For example, here is a typical system message created by a router in normal syslog format:

Jul 15 20:37:17.277 EDT: %SYS-5-CONFIG_I: Configured from console by ijbrown on vty0 (172.25.1.1)

The following is the same system message with XML tagging enabled:

SYS5CONFIG_IJul 15 20:37:17.277 EDTconsoleijbrown on vty0 (172.25.1.1)

As you can see, the XML tagged system message is difficult to decipher for us humans; however, the consistent tagging structure is perfectly suited for external monitoring programs to extract data. The following table breaks down the various XML tags used by Cisco to encode system messages.

Table 18-4. X ML Tags used for syslog messages

Tag applied Item delimited
  Entire syslog message.
  The facility name of the log message (e.g., SYS).
  The severity level of the message from 0 to 7, with 0 the most severe (e.g., 5).
  The error or event message type (e.g., CONFIG_I).
  The message sequence number.
  The timestamp of the message, including the time and date (e.g., Jul 15 20:37:27.277 EDT).
  The variables contained within the human readable test. Note that the full human readable is not kept. Only the individual arguments are formatted and retained. See the next section.
  The specific arguments that are embedded within the human readable test. These arguments are sequentially numbered starting from 0 (e.g., Arg0 = console Arg1= ijbrown on vty0 (172.25.1.1) ).

If you are unfamiliar with XML, we recommend XML Pocket Reference by Simon St.Laurent and Michael Fitzgerald (O'Reilly). A simple description of XML is that it uses special tags that define objects. One tag defines the start of an object, and a second tag defines the end of that object. For example, in Table 18-4, we indicated that the entire log message begins with the tag and ends with the same tag, but with a slash in it (). You can then nest other objects inside this object, with each object surrounded by a similar pair of tags. However, as we mentioned earlier, XML is not really intended to be human-readable.

It's possible to enable both normal system log buffering and XML tagged log buffering concurrently. To view the XML buffered log on a router, use the show log xml command:

Router2#show logging xml 
enabledenabled
 enableddisabled
 disableddisabled
 vty6(35)
 enableddisabled
 
 
 
 enableddisabled
 disableddisabled
 


CLEAR5COUNTERSJul 16 10:09:43.832 EDTallinterfacesijbrown on vty0 (172.25.1.1)
Router2#

It is also possible to send standard system log messages to one host and XML-tagged log messages to another host; however you must specify a different IP address. You cannot send both standard and XML system messages to the same host concurrently:

Router2#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#logging host 172.25.1.1 xml
Router2(config)#logging host 172.25.1.3
Router2(config)#end
Router2#

In this example, the router is configured to send XML-tagged system messages to host 172.25.1.1, and standard system log messages to host 172.25.1.3.

See Also

Recipe 18.5; XML Pocket Reference by Simon St.Laurent and Michael Fitzgerald (O'Reilly)

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net