Here's how to work with system and audit logs in SONiC.
In this video, we will show you how to access and manipulate the SONiC 4.0 CLI logs. The system log file, or syslog, is a record of all logging-enabled transactions of various processes on a switch. Syslog alerts are generated for significant events in the system, such as memory utilization, CPU thresholds, and so on. System logs are enabled by default. This information can help the switch administrator troubleshoot issues related to the switch in the network. Logging messages are classified based on the severity level.
They range from debugging, the lowest, level 7, all the way up to critical, alerts, and emergencies, which are levels 2, 1, and the highest, level 0, for emergencies. System logs can be viewed using the show logging command. Here you can see the log entry consists of several parts: the timestamp, the modules, and the actual message. Dell SONiC stores a lot of log messages. To view the number of log messages, use the command show logging count. You can see there are 25,000 log messages right now in the system. Often it would be useful to see the latest log messages. Use the command show logging lines, and I'll use five lines.
So in the last five lines of the log, you can see the warnings and some notices. You can grep to search for log messages with a specific pattern. Use the command show logging | grep and the pattern. We will use Eth1/1. We should only see log messages that have Eth1/1 listed in them: admin down, capabilities, et cetera. If we wish to send the syslogs to a remote server, we would enter configure terminal, then use the command logging server and the IP address, and we will send the logs to the server 10.0.0.200. To clear the system log files, we'll use the command clear logging, and this will clear the audit logs as well.
Then we'll use show logging count to see how many lines of logging there are. There are two now. If we look at the log, we'll see the flush and that we ran the sonic-clear logging command. An audit log is a list of all user activity. All the user commands and changes are recorded in the audit log. If we show the audit log, we'll see that our previous commands are shown: configure terminal, show logging, show logging count, and clear logging.
Note: when the show logging command is used, the logs show the earliest entries at the top. But when the show audit-log command is used, it shows the opposite: the top of the log holds the latest entries and the bottom the oldest. Any commands and configuration that are run using the Dell SONiC CLI or, say, the REST API are listed in the audit logs. If we clear the audit logs, we'll see once we show it again that there is one entry. Note: only users with the admin role can view and clear the audit log. This concludes the demonstration.
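
The severity levels and the remote logging server described above meet on the receiving side, where each forwarded message carries its level in a leading <PRI> field. The following is an added example, not part of the video or of Dell's software: it assumes the server receives standard syslog framing (PRI = facility * 8 + severity), and the function names and sample messages are constructed for illustration.

```python
import re

# Severity names by level, 0 (highest) to 7 (lowest), as standard syslog defines them.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def parse_message(raw):
    """Return (facility, severity, text), or None if the <PRI> framing is invalid."""
    m = PRI_RE.match(raw)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # facility 23 * 8 + severity 7 is the largest valid PRI
        return None
    facility, severity = divmod(pri, 8)
    return facility, severity, m.group(2).strip()


def triage(messages, threshold=2):
    """Split messages into (urgent, unparsed).

    urgent holds messages whose level is <= threshold (2 = critical, so
    critical, alert and emergency). unparsed keeps badly framed lines for
    review instead of dropping them silently.
    """
    urgent, unparsed = [], []
    for raw in messages:
        parsed = parse_message(raw)
        if parsed is None:
            unparsed.append(raw)
            continue
        _, severity, text = parsed
        if severity <= threshold:
            urgent.append((SEVERITIES[severity], text))
    return urgent, unparsed


# Constructed sample messages (hostname, tags and text are made up).
SAMPLE = [
    "<189>Jan 10 12:00:01 leaf1 ifmgr: Eth1/1 admin down",      # level 5, notice
    "<186>Jan 10 12:00:05 leaf1 sysmon: memory threshold hit",  # level 2, critical
    "<11>Jan 10 12:00:07 leaf1 app: request failed",            # level 3, error
    "<0>Jan 10 12:00:09 leaf1 kernel: system unusable",         # level 0, emergency
    "Jan 10 12:00:11 leaf1 line that arrived with no PRI",
    "<999>Jan 10 12:00:12 leaf1 bogus: out-of-range PRI",
]

if __name__ == "__main__":
    urgent, unparsed = triage(SAMPLE)
    for name, text in urgent:
        print(f"{name.upper():9} {text}")
    print(f"{len(unparsed)} message(s) could not be parsed")
```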