Syslog: Configure syslog server logging (Cisco)

Technology: Monitoring
Area: Simple syslog configuration
Vendor: Cisco
Software: 10.0, 10.2-3, 11.0-3, 12.0, 12.0T, 12.1, 12.1T
Platform: Catalyst platforms, Routing platforms

Syslog is a standard for logging messages. Our routers and switches generate syslog messages to let us know about everything that has happened on the device, which can be anything from an emergency to a simple notification. We can configure the messages to be forwarded to various destinations: the logging buffer, the console line, terminal lines and, finally, a syslog server. By default, syslog messages go to the console line. The first three destinations will not help us in case of a power loss or restart, because the data will be gone. The best option is to send the messages to a syslog server.

Syslog messages have severity levels. A severity level indicates how important a particular message is. There are 8 severity levels:

Severity Level  Name           Description
0               Emergencies    Router unusable
1               Alerts         Immediate action required
2               Critical       Condition critical
3               Errors         Error condition
4               Warnings       Warning condition
5               Notifications  Normal but important event
6               Informational  Informational messages
7               Debugging      Debug message

For example, level 6 (informational) gives us information about something that has happened. If we set the level to informational on a switch or router, we will receive syslog messages of the chosen level as well as all preceding levels (0 through 5).

How to configure syslog server logging on Cisco IOS?

To enable syslog (basic config), use the following commands on router R1:

R1# configure terminal
R1(config)# logging host x.x.x.x
! choose a severity level between 0 and 7 according to your requirements
R1(config)# logging trap informational
! as above
R1(config)# logging history informational
R1(config)# logging origin-id hostname
R1(config)# logging facility local6
! same host with an explicit transport and port (the default is UDP port 514)
R1(config)# logging host x.x.x.x transport udp port x

Before enabling logging, make sure the router's clock is correct: either set it up to receive time from an NTP server, or configure the time manually. Use the command ntp server x.x.x.x (global configuration mode) to sync the router's clock, or clock set (privileged EXEC mode) to set it by hand.

Additionally, it is worth using the following commands:

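R1(config)# service sequence-numbers
R1(config)# service timestamps log datetime

The first one stamps log messages with a sequence number; the second one adds the date and time of the message or event. The datetime keyword is what selects date and time; without it, IOS stamps messages with the device uptime.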

We may also specify which types of messages should be displayed:

Type     Description
Console  Specifies what is displayed on the console.
Trap     Specifies what is sent to the syslog server.
Monitor  Sends to terminal lines only messages that are warnings or below by setting the level to 4.
History  Specifies what level is kept in the local history table if you have enabled the syslog message traps to be sent to an SNMP management station.
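
On the syslog server, the facility and trap level configured above can be checked against what actually arrives. The following Python check is an added example, not part of the original article: it decodes the syslog priority value (facility x 8 + severity) and flags lines that contradict logging facility local6 and logging trap informational. The sample lines and the assumed layout <PRI>seq: host: timestamp: %FACILITY-SEVERITY-MNEMONIC: text are constructed for illustration.

```python
import re

# Severity names from the table above, indexed by level 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Syslog PRI = facility * 8 + severity; local0..local7 are facility codes 16..23.
PRI_RE = re.compile(r"^<(\d{1,3})>(.*?)%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")

def parse(line):
    """Split one received line into facility, severity and the IOS message tag."""
    m = PRI_RE.match(line)
    if not m:
        return None
    code, severity = divmod(int(m.group(1)), 8)
    facility = f"local{code - 16}" if 16 <= code <= 23 else str(code)
    return {"facility": facility, "severity": severity,
            "tag_severity": int(m.group(4)),
            "mnemonic": f"{m.group(3)}-{m.group(5)}", "text": m.group(6)}

def audit(lines, facility="local6", trap="informational"):
    """Return (line number, problem) pairs for lines that contradict the device config."""
    limit = SEVERITIES.index(trap)
    problems = []
    for n, line in enumerate(lines, 1):
        msg = parse(line)
        if msg is None:
            problems.append((n, "unparsable"))
            continue
        if msg["facility"] != facility:
            problems.append((n, f"facility {msg['facility']}, expected {facility}"))
        if msg["severity"] > limit:
            problems.append((n, f"severity {msg['severity']} is above trap level {limit}"))
        if msg["severity"] != msg["tag_severity"]:
            problems.append((n, "PRI severity differs from message tag"))
    return problems

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "<181>45: R1: Mar  1 00:05:12: %LINK-5-CHANGED: Interface Gi0/1, changed state to down",
    "<179>46: R1: Mar  1 00:05:13: %SYS-3-CPUHOG: Task ran too long",
    "<191>12: R2: Mar  1 00:05:14: %SYS-7-USERLOG_DEBUG: Message from tty0",
    "not a syslog line",
]

if __name__ == "__main__":
    for n, problem in audit(SAMPLE):
        print(f"line {n}: {problem}")
```

The third sample line arrives as local7, which is the IOS default facility, so it points at a device where logging facility local6 was not applied.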

 

Author: Karol Piatek