SYSLOG
TABLE OF CONTENTS
1 General..........................................................................................................................................................1
2 Configuration.................................................................................................................................................1
1 GENERAL
- By default, IOS shows log messages to all console users for all severity levels
- Syslog uses UDP/514 by default, but port can be configured
- 3 places to output syslog:
o Console
o Logging buffer
o Syslog server
- MAKE SURE NTP IF CONFIGURED PROPERLY SO TIMESTAMPS ARE CORRECT
- Default logging buffer is 4096 bytes
- Example:
*Jan 24 [Link] %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/2, changed state to up
o Timestamp: Jan 24 [Link]
o The facility on the router that generated the message: %LINEPROTO
o Severity level: 5
o Mnemonic for the message: UPDOWN
o Description: Line protocol on Interface Ethernet1/2, changed state to up
- Severity levels (can be changed):
Keyword Numeral
Emergency 0
Alert 1
Critical 2
Error 3
Warning 4
Notification 5
Informational 6
Debug 7
- The debug command stays active even after user closes terminal or logs out
- Debug logging sends logging to all logged in users + uses CPU, so be cautious for not overloading it
- Syslog can be used to send debug to syslog server instead of to console (to make sure console does
not crash), MAKE SURE LOGGING CONSOLE/MONITOR IS DISABLED
2 CONFIGURATION
[no] Logging console [levelname| Conf By default enabled, shows log messages to
levelNumber] all console users for all severity levels. Best
practice to disable this because too many
log messages to the console can blow up
the router
1
�[no] Logging monitor [levelname| Conf Enable/disable the sending of log messages
levelNumber] to all logged users
Terminal monitor Conf Required after logging monitor to receive
the log messages in your terminal
Logging buffered [levelname|levelNumber] Conf Default, stores the logs in RAM, otherwise
it is discarded
Logging buffered bufferSizeInBytes Conf Default buffer size is 4096 bytes, can be
configured from 4094-2147183647
Logging host {address|hostname} Conf Send logging to syslog server
Logging trap [levelname|levelNumber] Conf Set severity levels to log to syslog server
[OPT] logging source-interface intf Conf
Service timestamps [log datetime msec] Conf Enable timestamps on logs
Service timestamps log datetime localtime Conf Sync logging time with localtime
[year]
Service sequence-numbers Conf Enable sequence numbers on logs
Show logging Show stored logs
Clear logging
Show process cpu
