Syslog
Day 41
Syslog is an industry-standard protocol for message logging. Syslog can be used to log events like changes in interface status, OSPF neighbour status, system restarts, etc. The messages can be displayed in the CLI of the device, saved in the device's RAM, or sent to an external Syslog server. Logs are an essential part of troubleshooting, examining the cause of incidents, etc.
Message format
A sequence number indicates the sequence of messages. It may or may not be displayed, depending on the device's configuration. To configure the sequence number to be displayed, enter the command service sequence-numbers from global config mode.
A timestamp indicates the time the message was generated. It may or may not be displayed, depending on the device's configuration. To configure the timestamp, enter the command service timestamps log followed by datetime (for a timestamp with date and time) or uptime (for a timestamp with system uptime).
A facility indicates the process which generated the message.
A severity number indicates the severity of the logged event.
A mnemonic is a short code for the message indicating what happened.
A description gives detailed information on the event being reported.
Severity levels
Level | Keyword | Description |
---|---|---|
0 | Emergency | System is unusable |
1 | Alert | Action must be taken immediately |
2 | Critical | Critical conditions |
3 | Error | Error conditions |
4 | Warning | Warning conditions |
5 | Notice (Notification) | Normal but significant condition |
6 | Informational | Informational messages |
7 | Debugging | Debug-level messages |
Every Awesome Cisco Engineer Will Need Ice-cream Daily - a good way to remember the severity level keywords.
Logging locations
Console line: Syslog messages are displayed in the CLI when connected to the device via the console port. By default, all messages (Level 0-7) are displayed.
VTY lines: Syslog messages are displayed in the CLI when connected to the device via Telnet/SSH. Disabled by default.
Buffer: Syslog messages will be saved to RAM. By default, all messages are displayed.
External server: A device can be configured to send the Syslog messages to an external server. Syslog servers listen on UDP port 514.
Configuration
Configure logging to the console line - logging console followed by the severity level number or keyword. This enables logging for the specified severity level and higher (that is, more severe, numerically lower levels).
Configure logging to the VTY lines - logging monitor followed by the severity level. By default, Syslog messages are not displayed. To display them, use the command terminal monitor from privileged exec mode every time you connect to the device via Telnet or SSH.
Configure logging to the buffer - logging buffered followed by the buffer size in bytes and the severity level.
Configure logging to an external server - logging or logging host followed by the server IP address. To set the logging level - logging trap followed by the severity level.
By default, logging messages are displayed in the CLI while you are in the middle of typing a command. To prevent this, use the command logging synchronous on the appropriate line. This causes a new line to be printed if your typing is interrupted by a logging message.
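As an added example (not part of the original notes), the Python script below parses messages in the layout described under Message format and applies the "specified level and more severe" rule from the Configuration section. The sample lines are constructed, and the function names parse, is_logged and filter_lines are hypothetical.

```python
import re

# Keywords from the severity table; the list index is the level number.
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debugging"]

# [seq: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: description
# Sequence number and timestamp are optional because the device may not
# be configured to display them.
MSG_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?"
    r"(?:(?P<timestamp>.+?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$"
)

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    "000022: *Feb 11 03:02:55.304: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up",
    "00:00:46: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up",
    "%SYS-5-CONFIG_I: Configured from console by console",
    "*Feb 11 03:06:00.000: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.10 port 514 started - CLI initiated",
]

def parse(line):
    """Split one message into its fields; return None if it does not match."""
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    msg["keyword"] = SEVERITY[msg["severity"]]
    return msg

def is_logged(msg, level):
    """True if a destination configured at numeric `level` receives msg:
    the configured level plus every more severe (numerically lower) one."""
    return msg["severity"] <= level

def filter_lines(lines, level):
    """Parse lines and keep the messages a destination set to `level` gets."""
    parsed = (parse(line) for line in lines)
    return [m for m in parsed if m is not None and is_logged(m, level)]

if __name__ == "__main__":
    for m in filter_lines(SAMPLE, 5):
        print(m["severity"], m["keyword"], m["facility"], m["mnemonic"], m["description"])
```

With a level of 5, the severity 6 message in the sample is dropped, which is the same effect a trap level of 5 has on what reaches an external server.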