Syslog

Day 41


Last updated 1 year ago

Syslog is an industry-standard protocol for message logging. Syslog can be used to log events like changes in interface status, OSPF neighbour status, system restarts, etc. The messages can be displayed in the CLI of the device, saved in RAM, or sent to an external Syslog server. Logs are an essential part of troubleshooting, examining the cause of incidents, etc.

Message format

  • A sequence number indicates the order of the messages. It may or may not be displayed, depending on the device's configuration. To display it, enter the command service sequence-numbers in global config mode.

  • A timestamp indicates the time the message was generated. It may or may not be displayed, depending on the device's configuration. To configure the timestamp, enter the command service timestamps log followed by datetime (timestamp with date and time) or uptime (timestamp with system uptime).

  • A facility indicates the process which generated the message.

  • A severity number indicates the severity of the logged event.

  • A mnemonic is a short code for the message indicating what happened.

  • A description gives detailed information on the event being reported.

Severity levels

| Level | Keyword | Description |
|-------|---------|-------------|
| 0 | Emergency | System is unusable |
| 1 | Alert | Action must be taken immediately |
| 2 | Critical | Critical conditions |
| 3 | Error | Error conditions |
| 4 | Warning | Warning conditions |
| 5 | Notice (Notification) | Normal but significant condition |
| 6 | Informational | Informational messages |
| 7 | Debugging | Debug-level messages |

"Every Awesome Cisco Engineer Will Need Ice-cream Daily" is a good way to remember the severity level keywords.

Logging locations

  • Console line: Syslog messages are displayed in the CLI when connected to the device via the console port. By default, all messages (Level 0-7) are displayed.

  • VTY lines: Syslog messages are displayed in the CLI when connected to the device via Telnet/SSH. Disabled by default.

  • Buffer: Syslog messages are saved to RAM. By default, all messages (Level 0-7) are logged to the buffer.

  • External server: A device can be configured to send the Syslog messages to an external server. Syslog servers listen on UDP port 514.

Configuration

  • Configure logging to the console line - logging console followed by the severity level number or keyword. This enables logging for the specified severity level and higher, that is, for that level and every more severe (numerically lower) level.

  • Configure logging to the VTY lines - logging monitor followed by the severity level. By default, Syslog messages are not displayed. To display them, use the command terminal monitor from the privileged exec mode every time you connect to the device via Telnet or SSH.

  • Configure logging to the buffer - logging buffered followed by the buffer size in bytes and the severity level.

  • Configure logging to an external server - logging or logging host followed by the server IP address. To set the logging level, use logging trap followed by the severity level.

By default, logging messages are displayed in the CLI while you are in the middle of typing a command. To prevent this, use the command logging synchronous on the appropriate line. This causes a new line to be printed if your typing is interrupted by a logging message.
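
The message fields and the "specified level and higher" rule described above, as an added example that is not part of the original notes: a Python parser and severity filter for logs collected from a device. It assumes the common Cisco IOS layout seq: timestamp: %FACILITY-SEVERITY-MNEMONIC: description, which the page does not spell out; the sample lines and the names parse and filter_by_level are constructed for illustration.

```python
import re

# Keywords from the severity table, indexed by level number.
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debugging"]

# Assumed layout: [seq: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?"                # optional sequence number
    r"(?:(?P<timestamp>[^%]+?):\s*)?"      # optional datetime or uptime stamp
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<description>.*)$"
)

# Constructed sample lines, not captured from a real device.
SAMPLE = [
    "000045: *Feb 11 03:02:55.304: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up",
    "*Feb 11 03:02:56.304: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up",
    "00:01:23: %SYS-5-CONFIG_I: Configured from console by console",
    "%OSPF-5-ADJCHG: Process 1, Nbr 192.0.2.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done",
    "Router#show ip interface brief",      # CLI noise, not a syslog message
]


def parse(line):
    """Return the message fields as a dict, or None for a non-syslog line."""
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    msg["keyword"] = SEVERITY[msg["severity"]]
    return msg


def filter_by_level(lines, level):
    """Keep what a destination set to `level` receives: that level and every
    more severe (numerically lower) one."""
    parsed = (parse(line) for line in lines)
    return [m for m in parsed if m is not None and m["severity"] <= level]


if __name__ == "__main__":
    for level in (3, 5):
        print(f"level {level} ({SEVERITY[level]}):")
        for m in filter_by_level(SAMPLE, level):
            print(f"  {m['facility']}/{m['mnemonic']} [{m['keyword']}] {m['description']}")
```
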
