Syslog

Day 41

Syslog is an industry-standard protocol for message logging. Syslog can be used to log events like changes in interface status, OSPF neighbour status, system restarts, etc. The messages can be displayed in the CLI of the device, saved in RAM, or sent to an external Syslog server. Logs are an essential part of troubleshooting, examining the cause of incidents, etc.

Message format

  • A sequence number indicates the order of the messages. It may or may not be displayed, depending on the device's configuration. To display the sequence number, enter the command service sequence-numbers from global config mode.

  • A timestamp indicates the time the message was generated. It may or may not be displayed, depending on the device's configuration. To configure the timestamp, enter the command service timestamps log followed by datetime (timestamp with date and time) or uptime (timestamp with system uptime).

  • A facility indicates the process which generated the message.

  • A severity number indicates the severity of the logged event.

  • A mnemonic is a short code for the message indicating what happened.

  • A description gives detailed information on the event being reported.

Severity levels

| Level | Keyword               | Description                      |
|-------|-----------------------|----------------------------------|
| 0     | Emergency             | System is unusable               |
| 1     | Alert                 | Action must be taken immediately |
| 2     | Critical              | Critical conditions              |
| 3     | Error                 | Error conditions                 |
| 4     | Warning               | Warning conditions               |
| 5     | Notice (Notification) | Normal but significant condition |
| 6     | Informational         | Informational messages           |
| 7     | Debugging             | Debug-level messages             |

Every Awesome Cisco Engineer Will Need Ice-cream Daily - a good way to remember the severity level keywords.

Logging locations

  • Console line: Syslog messages are displayed in the CLI when connected to the device via the console port. By default, all messages (Level 0-7) are displayed.

  • VTY lines: Syslog messages are displayed in the CLI when connected to the device via Telnet/SSH. Disabled by default.

  • Buffer: Syslog messages are saved to RAM. By default, all messages (Level 0-7) are saved.

  • External server: A device can be configured to send the Syslog messages to an external server. Syslog servers listen on UDP port 514.

Configuration

  • Configure logging to the console line - logging console followed by the severity level number or keyword. This enables logging for the specified severity level and all more severe levels, that is, the specified level number and every lower number.

  • Configure logging to the VTY lines - logging monitor followed by the severity level. By default, Syslog messages are not displayed. To display them, use the command terminal monitor from the privileged exec mode every time you connect to the device via Telnet or SSH.

  • Configure logging to the buffer - logging buffered followed by the buffer size in bytes and the severity level.

  • Configure logging to an external server - logging or logging host followed by the server IP address. To set the logging level - logging trap followed by the severity level.

By default, logging messages are displayed in the CLI while you are in the middle of typing a command. To prevent this, use the command logging synchronous on the appropriate line. This causes a new line to be printed if your typing is interrupted by a logging message.
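The message format and the severity threshold described above, as an added example that is not part of the original notes: a parser for lines of the form [seq: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: description, plus a filter that keeps the chosen level and everything more severe. The function names and the sample lines are assumptions made for this illustration.

```python
import re

# Severity keywords from the table on this page, indexed by level number.
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debugging"]

# The sequence number and timestamp are optional: they appear only when
# 'service sequence-numbers' / 'service timestamps log' are configured.
LINE_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?(?:(?P<timestamp>.+?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$")

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "000041: *Feb 11 03:02:55.304: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up",
    "*Feb 11 03:02:56.304: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up",
    "00:00:46: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.1.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done",
    "%SYS-5-CONFIG_I: Configured from console by console",
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.168.1.100 port 514 started - CLI initiated",
]

def parse(line):
    """Return the message fields as a dict, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    msg["keyword"] = SEVERITY[msg["severity"]]
    return msg

def level_number(level):
    """Accept a level number (0-7) or a keyword from the table, case-insensitive."""
    text = str(level)
    n = int(text) if text.isdigit() else [k.lower() for k in SEVERITY].index(text.lower())
    if not 0 <= n <= 7:
        raise ValueError(f"severity level out of range: {level}")
    return n

def filter_by_level(lines, threshold):
    """Keep messages at the threshold level or more severe (number <= threshold)."""
    limit = level_number(threshold)
    kept, unparsed = [], []
    for line in lines:
        msg = parse(line)
        if msg is None:
            unparsed.append(line)  # report unparseable lines instead of dropping them
        elif msg["severity"] <= limit:
            kept.append(msg)
    return kept, unparsed
```

Calling filter_by_level(SAMPLE, "Warning") keeps only the LINK-3-UPDOWN message, which is how a threshold set too strictly can hide level 5 events such as configuration changes and OSPF adjacency changes from a log server.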
