Syslog: Configure syslog server logging (Cisco)

    Technology: Monitoring
    Area: Simple syslog configuration
    Vendor: Cisco
    Software: 10.0, 10.2-3, 11.0-3, 12.0, 12.0T, 12.1, 12.1T, 15.X
    Platform: Cisco

    Syslog is a standard for logging messages. Our routers and switches generate syslog messages to tell us what has happened on the device, which can be anything from an emergency to a simple notification. We can configure the messages to be forwarded to various destinations: the logging buffer, the console line, terminal lines and a syslog server. By default, syslog messages go to the console line. The first three destinations will not help us after a power loss or restart, because the data will be gone. The best option is to send the messages to a syslog server.

    Syslog messages have severity levels, which indicate how important a particular message is. There are 8 severity levels:

    Severity Level   Name            Description
    0                Emergencies     Router unusable
    1                Alerts          Immediate action required
    2                Critical        Condition critical
    3                Errors          Error condition
    4                Warnings        Warning condition
    5                Notifications   Normal but important event
    6                Informational   Informational messages
    7                Debugging       Debug message

    For example, level 6 (informational) gives us information about something that has happened. If we set the informational level on a switch or router, we will receive syslog messages of the chosen level as well as all preceding levels.

    How to configure syslog server logging on Cisco IOS?

    To enable syslog (basic configuration), use the following commands on the router:

    R1# configure terminal
    R1(config)# logging host x.x.x.x
    ! The level depends on your requirements; choose one of severity levels 0-7
    R1(config)# logging trap informational
    ! As above
    R1(config)# logging history informational
    R1(config)# logging origin-id hostname
    R1(config)# logging facility local6
    R1(config)# logging host x.x.x.x transport udp port x

    Before enabling logging, make sure your router is correctly set up to receive time from an NTP server, or set the time manually. Use the command clock set or ntp server x.x.x.x to set the router clock.

    Additionally, it is worth using the following commands:

    R1(config)# service sequence-numbers
    R1(config)# service timestamps log datetime

    The first one stamps log messages with a sequence number; the second one adds the date and time of the message or event.

    We may also specify which types of messages should be displayed:

    Type      Description
    Console   Specifies what is displayed on the console.
    Trap      Specifies what is sent to the syslog server.
    Monitor   Specifies what is sent to terminal lines; setting the level to 4
              sends only messages that are warnings or below.
    History   Specifies what level is kept in the local history table if you
              have enabled the syslog message traps to be sent to an SNMP
              management station.
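
    A check that can be run on the syslog server to confirm that received messages match the settings above (facility local6, trap level informational). This is an added example, not part of the original page. The datagram layout in the regular expression, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Severity keywords accepted by "logging trap"; list index = numeric level.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Assumed wire layout: <PRI>, then optional sequence number / origin-id /
# timestamp fields, then the IOS tag %FACILITY-SEVERITY-MNEMONIC: text
MSG = re.compile(r"^<(\d{1,3})>(.*?)%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): ?(.*)$")

def parse(line):
    """Split one received datagram into its fields, or return None."""
    m = MSG.match(line.strip())
    if not m or int(m.group(1)) > 191:     # 191 = highest valid PRI (23*8+7)
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3,          # PRI = facility * 8 + severity
            "severity": pri & 7,
            "header": m.group(2).strip(),  # sequence number, origin-id, time
            "tag_severity": int(m.group(4)),
            "mnemonic": f"{m.group(3)}-{m.group(5)}",
            "text": m.group(6)}

def audit(lines, trap="informational", facility=22):   # 22 = local6
    """Return (line, problem) pairs for messages that contradict the config."""
    limit, problems = LEVELS.index(trap), []
    for line in lines:
        msg = parse(line)
        if msg is None:
            problems.append((line, "unparseable"))
        elif msg["facility"] != facility:
            problems.append((line, f"facility {msg['facility']}, expected {facility}"))
        elif msg["severity"] != msg["tag_severity"]:
            problems.append((line, "PRI severity differs from message tag"))
        elif msg["severity"] > limit:
            problems.append((line, f"severity above trap level '{trap}'"))
    return problems

# Constructed sample datagrams (not captured from a real device).
SAMPLE = [
    "<179>41: R1: *Mar  1 00:05:12: %LINK-3-UPDOWN: Interface Gi0/1, changed state to down",
    "<181>42: R1: *Mar  1 00:05:13: %SYS-5-CONFIG_I: Configured from console by admin",
    "<189>43: R1: *Mar  1 00:05:14: %SYS-5-CONFIG_I: Configured from console by admin",
    "<183>44: R1: *Mar  1 00:05:15: %EXAMPLE-7-TRACE: constructed debug line",
]

if __name__ == "__main__":
    for line, problem in audit(SAMPLE):
        print(problem, "<-", line)
```

    A message flagged with an unexpected facility or a severity above the trap level usually means a device is still running an older logging configuration.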
