文章出处：www.net1980.com 原创

       网络设备的日志信息用于记录设备运行过程中发生事件，例如端口状态变化、路由变化、数据冲突、错误等。这些日志一般包含日期、时间、事件等三项信息，这些信息对于网络分析和处理故障非常有帮助。

       思科网络设备的日志时间格式有两种，第一种是记录设备系统时钟里的日期和时间；而第二种则是记录从设备开启到事件发生所经过的时间。思科设备默认使用第二种，假如我们不修改这个默认值的话，时间长了我们很难推算这些日志事件具体是发生在什么时候。

       以下是一段采用默认时间格式的日志信息：

C2950-48# sh logging

Syslog logging: enabled (0 messages dropped, 12 messages rate-limited, 0 flushes, 0 overruns)

Console logging: level debugging, 124117 messages logged

Monitor logging: level debugging, 870 messages logged

Buffer logging: level debugging, 124129 messages logged

Exception Logging: size (4096 bytes)

File logging: disabled

Trap logging: level informational, 123284 message lines logged

Log Buffer (4096 bytes):

1y21w: %LINK-3-UPDOWN: Interface FastEthernet0/30, changed state to up

1y21w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/41, changed state to down

1y21w: %LINK-3-UPDOWN: Interface FastEthernet0/41, changed state to down

1y21w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/30, changed state to up

1y21w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/32, changed state to down

1y21w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/32, changed state to up

1y21w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/37, changed state to down

1y21w: %LINK-3-UPDOWN: Interface FastEthernet0/37, changed state to down

1y21w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/35, changed state to down

1y21w: %LINK-3-UPDOWN: Interface FastEthernet0/35, changed state to down

1y21w: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/40, changed state to down

       上面日志里，红色字体就是日志的时间信息了，1y21w的意思是：这个事件发生在设备启动后的1年又21周。看到这种时间信息，估计大家一定会晕了。因为假如不记得设备什么时候启动的话，根本无法推算这个事件发生的具体时间。不知道思科为什么要采用这种方式作为日志记录的默认时间格式。

       还好，思科还提供另一种日志时间格式，可以直接使用设备内置日期和时间进行记录。设置方法如下：

Router(config)#service timestamps log ?

datetime Timestamp with date and time /*记录系统实际的日期和时间 */

uptime Timestamp with system uptime /*从设备启动开启计时（默认格式）*/

<cr>

输入以下命令即可修改为记录系统实际的日期和时间。

Router(config)#service timestamps log datetime

另外还可以按自己的需求，继续设置时区和开启毫秒精度记录：

Router(config)#service timestamps log datetime ?

localtime Use local time zone for timestamps

msec Include milliseconds in timestamp

show-timezone Add time zone information to timestamp

修改之后日志的时间格式如下：

C2950-48#sh logging

Syslog logging: enabled (0 messages dropped, 6 messages rate-limited, 0 flushes, 0 overruns)

Console logging: level debugging, 149979 messages logged

Monitor logging: level debugging, 211 messages logged

Buffer logging: level debugging, 149985 messages logged

Exception Logging: size (4096 bytes)

File logging: disabled

Trap logging: level informational, 149990 message lines logged

Log Buffer (4096 bytes):

Interface FastEthernet0/19, changed state to down

.Apr 21 15:58:51: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to down

.Apr 21 15:58:51: %LINK-3-UPDOWN: Interface FastEthernet0/19, changed state to down

.Apr 21 15:58:52: %LINK-3-UPDOWN: Interface FastEthernet0/22, changed state to down

.Apr 21 15:58:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/12, changed state to down

.Apr 21 15:58:54: %LINK-3-UPDOWN: Interface FastEthernet0/22, changed state to up

.Apr 21 15:58:55: %LINK-3-UPDOWN: Interface FastEthernet0/12, changed state to down

.Apr 21 15:58:55: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/22, changed state to up

.Apr 21 15:59:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/27, changed state to down

        从这个日志信息我们已经可以很明确的看到事件发审的具体时间了，例如Apr 21 15:58:51，代表发生时间是4月21日，15点58分51秒。使用思科网络设备的朋友，建议一定要对默认的日志时间格式进行修改。

此文章本站原创，转载请保留出处：http://www.net1980.com/2011/07/13/service-timestamps-log/