Back to Home

IOS Tip: Write custom messages to Syslog

You often find yourself sifting through the logs when an issue arises on any given network device. You find useful information such as flapping indications, failed SLA ops, and several other things. These are all event-driven log messages that are written when a certain event occurs on the platform (software or hardware). It may be useful to write your own messages to the local syslog instance for various reasons:

  • To keep track of timestamps for various maintenance, research events. Useful for reporting incidents (ITIL) and also to aid in troubleshooting
  • Notes for next on-shift engineer. Things like including a CM ticket # before a change, for the next person to reference
  • Etc..

Well, this is a very simple thing to do, which involves entering the TCL shell, binding to syslog, writing your message, and then closing the syslog connection. This is done like so:

NY1-LIC-rtr01#tclsh

NY1-LIC-rtr01(tcl)#set log [open "syslog: " w+]
file0

NY1-LIC-rtr01(tcl)#puts $log "MAINTENANCE BEGIN - Change: INF-6783"        

NY1-LIC-rtr01(tcl)#close $log

NY1-LIC-rtr01(tcl)#exit
NY1-LIC-rtr01#

And from there, if any issues arise during your MAINTENANCE BEGIN/END tags, you can clearly see the errors and correlate with timestamps, etc. Also, by leaving notes such as the ticket #, you can reference much more information such as what changes were made and any issues that had came up during the maintenance.

To view history of maintenance events for further troubleshooting:

NY1-LIC-rtr01#show log | i MAINT
*Apr 15 03:34:21: MAINTENANCE BEGIN - Change: INF-6711
*Apr 15 03:59:07: MAINTENANCE END - Change: INF-6711 - Successful
*Apr 22 06:34:44: MAINTENANCE BEGIN - Change: INF-6751
*Apr 22 07:25:58: MAINTENANCE END - Change: INF-6751 - Rollback
*Apr 29 01:02:22: MAINTENANCE BEGIN - Change: INF-6783
*Apr 29 01:49:18: MAINTENANCE END - Change: INF-6783 - Successful

There are other situations in which writing custom messages would be useful, be creative! I hope this is informative to anyone who hasn’t done anything like this before.

Decrypt F5 SSL traffic for troubleshooting

Playing with QoS and jumbo frames on the Nexus 5K