API Guide
4. 在 CONFIGURATION 模式下配置远程 TLS 服务器以接收系统消息。
logging server {ipv4–address | ipv6–address} tls [port-number]
[severity severity-level] [vrf {management | vrf-name]
示例:配置 Syslog over TLS
OS10# copy tftp://CAadmin:secret@172.11.222.1/cacert.pem home://cacert.pem
OS10# crypto ca-cert install home://cacert.pem
Processing certificate ...
Installed Root CA certificate
CommonName = Certificate Authority CA
IssuerName = Certificate Authority CA
OS10# show crypto ca-certs
--------------------------------------
| Locally installed certificates |
--------------------------------------
cacert.crt
OS10# crypto cert generate request cert-file home://clientreq.pem key-file home://
clientkey.pem cname "Top of Rack 6" altname "IP:10.0.0.6 DNS:tor6.dell.com" email
admin@dell.com organization "Dell EMC" orgunit Networking locality "Santa Clara" state
California country US length 2048
Processing certificate ...
Successfully created CSR file /home/admin/clientreq.pem and key
OS10# copy home://clientreq.pem scp://CAadmin:secret@172.11.222.1/clientreq.pem
OS10# copy scp://CAadmin:secret@172.11.222.1/clientcert.pem home://clientcert.pem
OS10# copy scp://CAadmin:secret@172.11.222.1/clientkey.pem home://clientkey.pem
OS10# crypto cert install cert-file home://clientcert.pem key-file home://clientkey.pem
Processing certificate ...
Certificate and keys were successfully installed as "clientcert.crt" that may be used in a
security profile. CN = 10.0.0.6
OS10# show crypto cert
--------------------------------------
| Installed non-FIPS certificates |
--------------------------------------
clientcert.crt
--------------------------------------
| Installed FIPS certificates |
--------------------------------------
OS10(config)# crypto security-profile dellprofile
OS10(config-sec-profile)# certificate clientcert
OS10(config-sec-profile)# exit
OS10(config)# logging security-profile dellprofile
OS10(config)# logging server 10.11.86.139 tls
OS10(config)# do show running-configuration logging
!
logging security-profile dellprofile
logging server 10.11.86.139 tls 514
Identifier
GUID-B72604B3-764E-4D22-85AE-D393FDA7EEE4
Version 5
Status Translation approved
查看系统日志
系统日志文件包含系统事件和警报日志。
使用 show trace 命令以查看当前 syslog 文件。所有事件和警报信息都会发送至 syslog 服务器(如果已配置)。
show logging 命令接受以下参数:
• log-file — 提供详细的日志,包括保存到文件的软件和硬件。
• process-names — 提供当前运行的所有进程的列表(可根据进程名称进行筛选)。
OS10 故障处理 1373