Service Timestamps – make your log timestamps readable

The default logging style for Cisco IOS-based devices is to insert the system uptime in the log entry. This makes it basically useless. Here’s some typical log output:

This is the offending part of the configuration:

If a switch has been up for a few hours, then it’s not too bad, as it will give you an indication to the nearest minute. But once a device has been up for more than a few days, it starts only telling you to the nearest day. After a year, it will tell you to the nearest week. So you can’t tell if that port flapped 5 minutes or 5 days ago. Hopeless. You need to put these lines into your configuration:

Now your log entries will look like this:

Isn’t that so much better? If you haven’t configured NTP correctly, you will see a “*” at the start of the line – this indicates that the time is not externally synchronised. Another option you might like to include is “show-timezone”, which will add “NZST” to your logs. Quite useful if you work with devices using a variety of timezones.
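When collected logs from many devices have to be lined up during an investigation, it helps to know which lines still carry uptime stamps or an unsynchronised clock. The sketch below is an added example, not part of the original post; it assumes lines as they appear in the device's log buffer without sequence numbers, and the function names and sample lines are made up for illustration.

```python
import re

# Uptime stamps as the post describes them: "00:04:51:", "1d02h:", "1w2d:", "1y12w:"
UPTIME = re.compile(r"^(?:\d+:\d{2}:\d{2}|\d+[ywd]\d+[wdh]):\s")
# Datetime stamps: optional sync flag, "Mar  1 00:01:12[.345] [NZST]:"
DATETIME = re.compile(
    r"^(?P<flag>[*.]?)[A-Z][a-z]{2}\s+\d{1,2}\s+"
    r"\d{2}:\d{2}:\d{2}(?:\.\d{3})?(?:\s(?P<tz>[A-Z]{2,5}))?:\s"
)

def classify(line):
    """Return a label describing how usable the line's timestamp is."""
    if UPTIME.match(line):
        return "uptime"              # relative to boot, cannot be correlated
    m = DATETIME.match(line)
    if m is None:
        return "unknown"
    if m["flag"]:
        # "*" is the marker the post mentions; "." is IOS notation (not on
        # the page) for a clock that was set but is no longer NTP-synchronised.
        return "datetime-unsynced"
    if m["tz"] is None:
        return "datetime-no-tz"      # usable, but ambiguous across timezones
    return "datetime"

def audit(lines):
    """Return (line_number, label) for every line that is not fully usable."""
    findings = []
    for number, line in enumerate(lines, start=1):
        label = classify(line)
        if label != "datetime":
            findings.append((number, label))
    return findings

# Constructed sample lines, not taken from a real device.
SAMPLE = [
    "1w2d: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "00:04:51: %SYS-5-CONFIG_I: Configured from console by console",
    "*Mar  1 00:01:12.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up",
    "Jun 12 14:03:11.123 NZST: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "Jun 12 14:03:12.001: %SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for number, label in audit(SAMPLE):
        print(f"line {number}: {label}")
```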

HP Comware devices have some related options for displaying date/time with log entries – but luckily they take a more sane approach of defaulting to displaying date/time with the log. Here are some of the options:

So you can choose what format to display the date in (or not to display it), and you can insert different timestamps in different log destinations. You might want to display timestamps on locally buffered logs, but remove the date from logs sent to the syslog server, since syslog servers will generally insert their own date. Typical output might look like this:

As for ProCurve devices? Well, they don’t offer granularity in log format. They do have an interesting option for viewing buffered logs though. Typical “show log” output will look like this:

But if you enter “show log -b”, it shows the timestamps as time since the switch rebooted:

I don’t really know why they offer that option, but didn’t implement any other controls around syslog format. At least they default to a reasonable log display format.
