Technology: Monitoring
Area: Simple syslog configuration
Vendor: Cisco
Software: 10.0, 10.2-3, 11.0-3, 12.0, 12.0T, 12.1, 12.1T
Platform: Catalyst platforms, Routing platforms
Syslog is a standard for logging messages. Our routers and switches generate syslog messages to let us know about everything that has happened. That covers a wide range of events, from an emergency to a simple notification. We can configure the messages to be forwarded to various destinations: the logging buffer, the console line, terminal lines and a syslog server. By default, syslog messages go to the console line. The first three options will not help us in case of power loss or restart, because the data will be gone. The best option is to send those messages to a syslog server.
Syslog messages have severity levels, which indicate how important a particular message is. There are 8 severity levels:
Severity Level | Name | Description |
0 | Emergencies | Router unusable |
1 | Alerts | Immediate action required |
2 | Critical | Condition critical |
3 | Errors | Error condition |
4 | Warnings | Warning condition |
5 | Notifications | Normal but important event |
6 | Informational | Informational messages |
7 | Debugging | Debug message |
For example, level 6 (informational) gives us information about something that has happened. If we set the level to informational on a switch or router, we will receive syslog messages of the chosen level as well as all preceding levels (0 through 5).
How to configure syslog server logging on Cisco IOS?
To enable syslog (basic config), use the following commands on router 1:
R1# configure terminal
R1(config)# logging host x.x.x.x
R1(config)# logging trap informational (depends on your requirements; choose a severity level from 0 to 7)
R1(config)# logging history informational (as above)
R1(config)# logging origin-id hostname
R1(config)# logging facility local6
R1(config)# logging host x.x.x.x transport udp port x
Before enabling logging, make sure your router is correctly set up to receive time from an NTP server, or configure the time manually. Use the command clock set or ntp server x.x.x.x to set the router's clock.
Additionally, it is worth using the following commands:
R1(config)# service sequence-numbers
R1(config)# service timestamps log datetime
The first one stamps log messages with a sequence number, the second one adds a date and time of the message or event.
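On the syslog server side, the settings above (facility local6, the trap level and sequence numbers) can be checked in the received messages. The following Python is an added example, not part of the original article; the message layout `<PRI>seq: origin-id: timestamp: %FACILITY-SEVERITY-MNEMONIC: text` and the sample lines are constructed assumptions.

```python
import re

LOCAL6 = 22  # syslog facility code for local6; PRI = facility * 8 + severity

# Assumed layout: <PRI>seq: origin-id: timestamp: %FACILITY-SEVERITY-MNEMONIC: text
LINE = re.compile(
    r"^<(\d{1,3})>(\d+): (\S+): (.+?): %([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")

def parse(line):
    """Decode one message; return None if it does not match the assumed layout."""
    m = LINE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": pri & 7, "seq": int(m.group(2)),
            "host": m.group(3), "timestamp": m.group(4),
            "tag": f"{m.group(5)}-{m.group(6)}-{m.group(7)}",
            # PRI severity and the severity inside the %tag should agree
            "consistent": (pri & 7) == int(m.group(6)), "text": m.group(8)}

def passes_trap(severity, trap_level=6):
    """A trap level forwards that level and every lower-numbered level."""
    return severity <= trap_level

def sequence_gaps(records):
    """Return (host, first_missing, last_missing) for each hole per host."""
    last, gaps = {}, []
    for r in records:
        prev = last.get(r["host"])
        if prev is not None and r["seq"] > prev + 1:
            gaps.append((r["host"], prev + 1, r["seq"] - 1))
        last[r["host"]] = r["seq"]
    return gaps

# Constructed sample lines (not captured from a real device)
SAMPLE = [
    "<181>101: R1: Mar  1 12:00:01.123: %SYS-5-CONFIG_I: Configured from console by admin on vty0",
    "<179>102: R1: Mar  1 12:00:05.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<182>105: R1: Mar  1 12:00:09.789: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.50 started",
]

if __name__ == "__main__":
    records = [r for r in map(parse, SAMPLE) if r]
    for r in records:
        print(r["seq"], r["host"], r["severity"], r["tag"], r["facility"] == LOCAL6)
    print("missing sequence numbers:", sequence_gaps(records))
```

A gap means the collector did not receive every message the device numbered; whether that is transport loss or filtering needs checking against the device's local logging buffer.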
We may also specify which types of messages should be displayed:
Type | Description |
Console | Specifies what is displayed on the console. |
Trap | Specifies what is sent to the syslog server. |
Monitor | Specifies what is sent to terminal lines; for example, setting the level to 4 sends only messages that are warnings or below. |
History | Specifies what level is kept in the local history table if you have enabled the syslog message traps to be sent to an SNMP management station. |