Menu

US Region

Grandmetric LLC
Brookfield Place Office
200 Vesey Street
New York, NY 10281
EIN: 98-1615498
+1 302 691 94 10
info@grandmetric.com

EMEA Region

GRANDMETRIC Sp. z o.o.
ul. Metalowa 5, 60-118 Poznań, Poland
NIP 7792433527
+48 61 271 04 43
info@grandmetric.com

UK

Grandmetric LTD
Office 584b
182-184 High Street North
London
E6 2JA
+44 20 3321 5276
info@grandmetric.com

  • en
  • pl
  • Syslog: Configure syslog server logging (Cisco)

    Design & Configure

    Syslog: Configure syslog server logging (Cisco)

    Technology: Monitoring
    Area: Simple syslog configuration
    Vendor: Cisco
    Software: 10.0, 10.2-3, 11.0-3, 12.0, 12.0T, 12.1, 12.1T
    Platform: Catalyst platforms, Routing platforms

    Syslog is a standard for logging messages. The syslog messages are generated by our routers and our switches to let us know about everything that has happened. And it could be a wide range of things that have happened, from anything about to an emergency to something that’s just a simple notification. We can configure the messages to be forwarded to various destinations i.e. logging buffer, console line, terminal line and finally to syslog server. By default, syslog messages go to the console line. Those first three options will not help us in case of power loss or restart – the data will be gone. The best option is to take those messages and send them to a syslog server. There is such a thing as the severity levels of syslog messages. Severity levels indicates how important particular messages are. There are 8 severity levels:

    Severity Level Name Description
    0 Emergencies Router unusable
    1 Alerts Immediate action required
    2 Critical Condition critical
    3 Errors Error condition
    4 Warnings Warning condition
    5 Notifications Normal but important event
    6 Informational Informational messages
    7 Debugging Debug message

     

    For example level 6 – informational is giving us some information about something that has happened. If we set level informational on switch or router then we will obtain syslogs from chosen level as well as all preceding levels.

    How to configure syslog server logging on Cisco IOS?

    To enable syslog (basic config), use the following command on router 1:

    R1# configure terminal
    R1(config)# logging host x.x.x.x
    R1(config)# logging trap informational (it differ on your requirement, choose between severity levels 0-7)
    R1(config)# logging history informational (as above)
    R1(config)# logging origin-id hostname
    R1(config)# facility local6
    R1(config)# logging host x.x.x.x transport udp port x

    Before enabling logging make sure your router is correctly setup to receive time from NTP server or configure it manually to get time. Use command set clock or ntp server x.x.x.x to sync clock to router.

    Additionally, it is worth using the following commands:

    R1(config)# service sequence numbers
    R1(config)# service timestamps log

    The first one stamps log messages with a sequence number, the second one adds a date and time of the message or event.

    We may also specify which types of messages should be displayed:

    Type Description
    Console Specifies what is displayed on the console.
    Trap Specifies what is sent to the syslog server.
    Monitor Sends to terminal lines only messages that are warnings or below by setting the level to 4.
    History Specifies what level is kept in the local history table if you have enabled the syslog message traps to be sent to an SNMP management station.

     

    Author: Karol Piatek
     
    Grandmetric