收集网络设备日志

Linux7的rsyslog服务

如果没有,yum安装一个,我的环境不是最小化安装的Linux系统。

[root@mo ~]# systemctl status rsyslog
● rsyslog.service - System Logging Service
   Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-07-07 13:49:49 CST; 3 weeks 3 days ago
     Docs: man:rsyslogd(8)
           http://www.rsyslog.com/doc/
 Main PID: 1089 (rsyslogd)
    Tasks: 9
   Memory: 7.4M
   CGroup: /system.slice/rsyslog.service
           └─1089 /usr/sbin/rsyslogd -n

Jul 15 21:46:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 18 01:56:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 19 03:36:01 mo rsyslogd[1089]:  [origin software="rsyslogd" swVersion="8.24.0-52.el7" x-pid="1089" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Jul 20 06:01:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 22 10:11:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 24 14:28:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 26 03:08:01 mo rsyslogd[1089]:  [origin software="rsyslogd" swVersion="8.24.0-52.el7" x-pid="1089" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Jul 26 18:16:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 28 22:31:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]
Jul 31 02:39:01 mo rsyslogd[1089]: imjournal: journal reloaded... [v8.24.0-52.el7 try http://www.rsyslog.com/e/0 ]

rsyslog配置设置

1、
需要开启514端口
$ModLoad imtcp
$InputTCPServerRun 514
2、
需要将产生的日志设置规则、并存放在对应的路径下
$template IpTemplate,"/var/log/complogs/switch/%FROMHOST-IP%.log"
:fromhost-ip,isequal,“192.168.40.2” ?IpTemplate
3、
重启rsyslog服务

[root@mo switch]# cat /etc/rsyslog.conf
# rsyslog configuration file

# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html

#### MODULES ####

# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark  # provides --MARK-- message capability

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514

$template IpTemplate,"/var/log/complogs/switch/%FROMHOST-IP%.log"

:fromhost-ip,isequal,"192.168.1.2" ?IpTemplate

#### GLOBAL DIRECTIVES ####

# Where to place auxiliary files
$WorkDirectory /var/lib/rsyslog

# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on

# Include all config files in /etc/rsyslog.d/
$IncludeConfig /etc/rsyslog.d/*.conf

# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging on

# File to store the position in the journal
$IMJournalStateFile imjournal.state


#### RULES ####

# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log


# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList   # run asynchronously
#$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###

这里需要提示一点,每一家的网络设备端配置rsyslog服务器地址的方式各有不同,需要根据情况来设置,下面我找的是一台公司的华为网络交换机,按照下图的方式配置后就可以收集到该交互机的日志了,注意一定要将rsyslog服务器的地址写正确。
在这里插入图片描述

具体落地到rsyslog服务器上的日志

[root@mo switch]# tail -100f 192.168.1.2.log 
2000-04-30T11:38:26+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1814]: The output rate change ratio exceeded the threshold.(IfIndex = 10, InterfaceName = GigabitEthernet0/0/6, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 822442, La
stStatisticalPeriodRate = 45983338)2000-04-30T11:38:26+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1815]: The input rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 470358, Last
StatisticalPeriodRate = 45657715)2000-04-30T11:43:27+08:00 s5700 IFPDT/4/PORT_INRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.219 The input rate change ratio exceeded the threshold.(IfIndex = 10, InterfaceName = GigabitEthernet0/0/6, ThresholdPercent = 50%, CurrentStatistic
alPeriodRate = 835509, LastStatisticalPeriodRate = 45716479)2000-04-30T11:43:27+08:00 s5700 IFPDT/4/PORT_OUTRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.220 The output rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatist
icalPeriodRate = 2698, LastStatisticalPeriodRate = 44823474)2000-04-30T11:43:27+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1816]: The input rate change ratio exceeded the threshold.(IfIndex = 10, InterfaceName = GigabitEthernet0/0/6, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 835509, Last
StatisticalPeriodRate = 45716479)2000-04-30T11:43:27+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1817]: The output rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 2698, Last
StatisticalPeriodRate = 44823474)2000-04-30T11:53:30+08:00 s5700 IFPDT/4/PORT_INRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.219 The input rate change ratio exceeded the threshold.(IfIndex = 10, InterfaceName = GigabitEthernet0/0/6, ThresholdPercent = 50%, CurrentStatistic
alPeriodRate = 982353, LastStatisticalPeriodRate = 33554078)2000-04-30T11:53:30+08:00 s5700 IFPDT/4/PORT_OUTRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.220 The output rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatist
icalPeriodRate = 2788, LastStatisticalPeriodRate = 32286125)2000-04-30T11:53:30+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1818]: The input rate change ratio exceeded the threshold.(IfIndex = 10, InterfaceName = GigabitEthernet0/0/6, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 982353, Last
StatisticalPeriodRate = 33554078)2000-04-30T11:53:30+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1819]: The output rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 2788, Last
StatisticalPeriodRate = 32286125)2000-04-30T18:10:31+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1820]: Failed to login through SNMP. (Ip=9.9.9.9, Times=6, Reason=the community was incorrect, VPN= )
2000-04-30T18:10:31+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1821]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-04-30T18:10:39+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1822]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-04-30T18:10:41+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1823]: Failed to login through SNMP. (Ip=9.9.9.9, Times=1, Reason=the community was incorrect, VPN= )
2000-04-30T18:10:41+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1824]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-04-30T18:10:57+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1825]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-04-30T18:10:58+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1826]: Failed to login through SNMP. (Ip=9.9.9.9, Times=2, Reason=the community was incorrect, VPN= )
2000-04-30T18:10:58+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1827]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-04-30T18:11:31+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1828]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-04-30T18:11:33+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1829]: Failed to login through SNMP. (Ip=9.9.9.9, Times=3, Reason=the community was incorrect, VPN= )
2000-04-30T18:11:33+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1830]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-04-30T18:16:33+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1831]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-04-30T18:29:52+08:00 s5700 IFPDT/4/PORT_INRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.219 The input rate change ratio exceeded the threshold.(IfIndex = 8, InterfaceName = GigabitEthernet0/0/4, ThresholdPercent = 50%, CurrentStatistica
lPeriodRate = 602640, LastStatisticalPeriodRate = 31575875)2000-04-30T18:29:52+08:00 s5700 IFPDT/4/PORT_OUTRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.220 The output rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatist
icalPeriodRate = 3173, LastStatisticalPeriodRate = 30991269)2000-04-30T18:29:52+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1832]: The input rate change ratio exceeded the threshold.(IfIndex = 8, InterfaceName = GigabitEthernet0/0/4, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 602640, LastS
tatisticalPeriodRate = 31575875)2000-04-30T18:29:52+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1833]: The output rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 3173, Last
StatisticalPeriodRate = 30991269)2000-05-01T04:33:34+08:00 s5700 IFPDT/4/PORT_INRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.219 The input rate change ratio exceeded the threshold.(IfIndex = 44, InterfaceName = GigabitEthernet0/0/40, ThresholdPercent = 50%, CurrentStatisti
calPeriodRate = 521912, LastStatisticalPeriodRate = 29811721)2000-05-01T04:33:34+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1834]: The input rate change ratio exceeded the threshold.(IfIndex = 44, InterfaceName = GigabitEthernet0/0/40, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 521912, Las
tStatisticalPeriodRate = 29811721)2000-05-01T04:33:35+08:00 s5700 IFPDT/4/PORT_OUTRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.220 The output rate change ratio exceeded the threshold.(IfIndex = 37, InterfaceName = GigabitEthernet0/0/33, ThresholdPercent = 50%, CurrentStatis
ticalPeriodRate = 356737, LastStatisticalPeriodRate = 29657320)2000-05-01T04:33:35+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1835]: The output rate change ratio exceeded the threshold.(IfIndex = 37, InterfaceName = GigabitEthernet0/0/33, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 356737, L
astStatisticalPeriodRate = 29657320)2000-05-01T04:43:37+08:00 s5700 IFPDT/4/PORT_OUTRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.220 The output rate change ratio exceeded the threshold.(IfIndex = 44, InterfaceName = GigabitEthernet0/0/40, ThresholdPercent = 50%, CurrentStatis
ticalPeriodRate = 495504, LastStatisticalPeriodRate = 29824816)2000-05-01T04:43:37+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1836]: The output rate change ratio exceeded the threshold.(IfIndex = 44, InterfaceName = GigabitEthernet0/0/40, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 495504, L
astStatisticalPeriodRate = 29824816)2000-05-01T04:43:38+08:00 s5700 IFPDT/4/PORT_INRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.219 The input rate change ratio exceeded the threshold.(IfIndex = 37, InterfaceName = GigabitEthernet0/0/33, ThresholdPercent = 50%, CurrentStatisti
calPeriodRate = 309116, LastStatisticalPeriodRate = 29554701)2000-05-01T04:43:38+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1837]: The input rate change ratio exceeded the threshold.(IfIndex = 37, InterfaceName = GigabitEthernet0/0/33, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 309116, Las
tStatisticalPeriodRate = 29554701)2000-05-01T06:10:31+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1838]: Failed to login through SNMP. (Ip=9.9.9.9, Times=4, Reason=the community was incorrect, VPN= )
2000-05-01T06:10:31+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1839]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-05-01T06:10:40+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1840]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-05-01T06:10:41+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1841]: Failed to login through SNMP. (Ip=9.9.9.9, Times=5, Reason=the community was incorrect, VPN= )
2000-05-01T06:10:41+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1842]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-05-01T06:10:58+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1843]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-05-01T06:10:59+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1844]: Failed to login through SNMP. (Ip=9.9.9.9, Times=6, Reason=the community was incorrect, VPN= )
2000-05-01T06:10:59+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1845]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-05-01T06:11:32+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1846]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-05-01T06:11:34+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1847]: Failed to login through SNMP. (Ip=9.9.9.9, Times=1, Reason=the community was incorrect, VPN= )
2000-05-01T06:11:34+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1848]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-05-01T06:16:34+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1849]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-05-01T12:05:22+08:00 s5700 %%01IFPDT/4/IF_STATE(l)[1850]: Interface GigabitEthernet0/0/24 has turned into DOWN state.
2000-05-01T12:05:26+08:00 s5700 %%01IFPDT/4/IF_STATE(l)[1851]: Interface GigabitEthernet0/0/24 has turned into UP state.
2000-05-01T12:05:30+08:00 s5700 %%01MSTP/6/SET_PORT_FORWARDING(l)[1852]: In MSTP process 0 instance 0, MSTP set port GigabitEthernet0/0/24 state as forwarding.
2000-05-01T12:06:56+08:00 s5700 %%01IFPDT/4/IF_STATE(l)[1853]: Interface GigabitEthernet0/0/23 has turned into DOWN state.
2000-05-01T12:07:00+08:00 s5700 %%01IFPDT/4/IF_STATE(l)[1854]: Interface GigabitEthernet0/0/23 has turned into UP state.
2000-05-01T12:07:04+08:00 s5700 %%01MSTP/6/SET_PORT_FORWARDING(l)[1855]: In MSTP process 0 instance 0, MSTP set port GigabitEthernet0/0/23 state as forwarding.
2000-05-01T15:27:29+08:00 s5700 %%01IFPDT/4/IF_STATE(l)[1856]: Interface GigabitEthernet0/0/26 has turned into DOWN state.
2000-05-01T15:27:31+08:00 s5700 %%01IFPDT/4/IF_STATE(l)[1857]: Interface GigabitEthernet0/0/25 has turned into DOWN state.
2000-05-01T15:27:33+08:00 s5700 %%01IFPDT/4/IF_STATE(l)[1858]: Interface GigabitEthernet0/0/21 has turned into DOWN state.
2000-05-01T15:36:23+08:00 s5700 %%01IFPDT/4/IF_STATE(l)[1859]: Interface GigabitEthernet0/0/24 has turned into DOWN state.
2000-05-01T16:09:26+08:00 s5700 IFPDT/4/PORT_INRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.219 The input rate change ratio exceeded the threshold.(IfIndex = 10, InterfaceName = GigabitEthernet0/0/6, ThresholdPercent = 50%, CurrentStatistic
alPeriodRate = 633153, LastStatisticalPeriodRate = 35476930)2000-05-01T16:09:26+08:00 s5700 IFPDT/4/PORT_OUTRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.220 The output rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatist
icalPeriodRate = 3227, LastStatisticalPeriodRate = 34863053)2000-05-01T16:09:26+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1860]: The input rate change ratio exceeded the threshold.(IfIndex = 10, InterfaceName = GigabitEthernet0/0/6, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 633153, Last
StatisticalPeriodRate = 35476930)2000-05-01T16:09:26+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1861]: The output rate change ratio exceeded the threshold.(IfIndex = 11, InterfaceName = GigabitEthernet0/0/7, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 3227, Last
StatisticalPeriodRate = 34863053)2000-05-01T18:10:32+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1862]: Failed to login through SNMP. (Ip=9.9.9.9, Times=2, Reason=the community was incorrect, VPN= )
2000-05-01T18:10:32+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1863]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-05-01T18:10:41+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1864]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-05-01T18:10:42+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1865]: Failed to login through SNMP. (Ip=9.9.9.9, Times=3, Reason=the community was incorrect, VPN= )
2000-05-01T18:10:42+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1866]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-05-01T18:10:59+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1867]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-05-01T18:10:59+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1868]: Failed to login through SNMP. (Ip=9.9.9.9, Times=4, Reason=the community was incorrect, VPN= )
2000-05-01T18:10:59+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1869]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-05-01T18:11:33+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1870]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-05-01T18:11:34+08:00 s5700 %%01SNMP/4/SNMP_FAIL(s)[1871]: Failed to login through SNMP. (Ip=9.9.9.9, Times=5, Reason=the community was incorrect, VPN= )
2000-05-01T18:11:34+08:00 s5700 %%01SNMP/4/SNMP_IPLOCK(s)[1872]: The source IP was locked because of the failure of login through SNMP.(SourceIP=9.9.9.9, VPN= )
2000-05-01T18:16:35+08:00 s5700 %%01SNMP/4/SNMP_IPUNLOCK(s)[1873]: The source IP was unlocked.(SourceIP=9.9.9.9, VPN= )
2000-05-01T21:21:58+08:00 s5700 IFPDT/4/PORT_INRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.219 The input rate change ratio exceeded the threshold.(IfIndex = 44, InterfaceName = GigabitEthernet0/0/40, ThresholdPercent = 50%, CurrentStatisti
calPeriodRate = 818080, LastStatisticalPeriodRate = 29801896)2000-05-01T21:21:58+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1874]: The input rate change ratio exceeded the threshold.(IfIndex = 44, InterfaceName = GigabitEthernet0/0/40, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 818080, Las
tStatisticalPeriodRate = 29801896)2000-05-01T21:21:59+08:00 s5700 IFPDT/4/PORT_OUTRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.220 The output rate change ratio exceeded the threshold.(IfIndex = 37, InterfaceName = GigabitEthernet0/0/33, ThresholdPercent = 50%, CurrentStatis
ticalPeriodRate = 636819, LastStatisticalPeriodRate = 29618543)2000-05-01T21:21:59+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1875]: The output rate change ratio exceeded the threshold.(IfIndex = 37, InterfaceName = GigabitEthernet0/0/33, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 636819, L
astStatisticalPeriodRate = 29618543)2000-05-01T21:26:59+08:00 s5700 IFPDT/4/PORT_OUTRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.220 The output rate change ratio exceeded the threshold.(IfIndex = 44, InterfaceName = GigabitEthernet0/0/40, ThresholdPercent = 50%, CurrentStatis
ticalPeriodRate = 511955, LastStatisticalPeriodRate = 57380143)2000-05-01T21:26:59+08:00 s5700 %%01IFPDT/4/INT_OUTBRDR(l)[1876]: The output rate change ratio exceeded the threshold.(IfIndex = 44, InterfaceName = GigabitEthernet0/0/40, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 511955, L
astStatisticalPeriodRate = 57380143)2000-05-01T21:27:00+08:00 s5700 IFPDT/4/PORT_INRATECHG: OID 1.3.6.1.4.1.2011.5.25.157.2.219 The input rate change ratio exceeded the threshold.(IfIndex = 37, InterfaceName = GigabitEthernet0/0/33, ThresholdPercent = 50%, CurrentStatisti
calPeriodRate = 179315, LastStatisticalPeriodRate = 57054586)2000-05-01T21:27:00+08:00 s5700 %%01IFPDT/4/INT_INBRDR(l)[1877]: The input rate change ratio exceeded the threshold.(IfIndex = 37, InterfaceName = GigabitEthernet0/0/33, ThresholdPercent = 50%, CurrentStatisticalPeriodRate = 179315, Las
tStatisticalPeriodRate = 57054586)2000-05-02T00:21:01+08:00 s5700 %%01CM/5/USER_ACCESSRESULT(s)[1878]: [USER_INFO_AUTHENTICATION]DEVICEMAC:f8-6e-ee-73-fb-00;DEVICENAME:s5700;USER:admin;MAC:ff-ff-ff-ff-ff-ff;IPADDRESS:192.168.70.14;TIME:957226861;ZONE:UTC+0800;DAYLIGHT:f
alse;ERRCODE:0;RESULT:success;CIB ID:11;ACCESS TYPE:HTTP;2000-05-02T00:21:01+08:00 s5700 %%01HTTP/6/LOGINOK(s)[1879]: User logged in successfully. (UserName=admin, IPAddress=192.168.70.14, VpnName=)
2000-05-02T00:21:04+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1880]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display authentication mode")
2000-05-02T00:21:06+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1881]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display device")
2000-05-02T00:21:07+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1882]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display patch-information")
2000-05-02T00:21:10+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1883]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display poe power")
2000-05-02T00:21:18+08:00 s5700 %%01SHELL/5/CMDRECORD(s)[1884]: Recorded command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="quit")
2000-05-02T00:21:18+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1885]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display startup")
2000-05-02T00:21:18+08:00 s5700 %%01SHELL/5/CMDRECORD(s)[1886]: Recorded command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="quit")
2000-05-02T00:21:18+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1887]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display module-information")
2000-05-02T00:21:19+08:00 s5700 %%01SHELL/5/CMDRECORD(s)[1888]: Recorded command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="quit")
2000-05-02T00:21:19+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1889]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display current-configuration c
onfiguration system | include http server load")2000-05-02T00:21:19+08:00 s5700 %%01SHELL/5/CMDRECORD(s)[1890]: Recorded command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="quit")
2000-05-02T00:21:19+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1891]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display module-information next
-startup")2000-05-02T00:21:19+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1892]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display schedule reboot")
2000-05-02T00:21:22+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1893]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display info-center")
2000-05-02T00:21:22+08:00 s5700 %%01SHELL/5/CMDRECORD(s)[1894]: Recorded command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="undo info-center timestamp log")
2000-05-02T00:21:22+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1895]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display logbuffer")
2000-05-02T00:21:23+08:00 s5700 %%01SHELL/5/CMDRECORD(s)[1896]: Recorded command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="info-center timestamp log date")
2000-05-02T00:21:26+08:00 s5700 %%01SHELL/6/DISPLAY_CMDRECORD(s)[1897]: Recorded display command information. (Task=We0, Ip=192.168.70.14, VpnName=, User=admin, AuthenticationMethod="Local-user", Command="display info-center")
版权声明:本文为JackCurry原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。