Syslog Tutorial

Syslog is a tool for system monitoring that is included in most systems. It allows logging messages to be sent to local storage like flash memory or a buffer, or remotely to a syslog server. Messages have a standardized format including sequence number, timestamp, facility, severity level and message text. Configuring syslog involves specifying the destination such as a server IP and setting the minimum severity level to log.

Uploaded by maguette

As a network administrator, you have just completed all the configuration and everything is
working nicely. The next thing you may want to do is set up something that can alert
you when something goes wrong or goes down in your network. Syslog is an excellent tool for
system monitoring and is almost always included in your distribution.

Places to store and display syslog messages

There are some places we can send syslog messages to:

Place to store syslog messages                 Command to use
Internal buffer (inside a switch or router)    logging buffered [size]
Syslog server                                  logging
Flash memory                                   logging file flash:filename
Nonconsole terminal (VTY connection…)          terminal monitor
Console line                                   logging console

Note: If sent to a syslog server, messages are sent on UDP port 514.

By default, Cisco routers and switches send log messages to the console. We should use the
logging command to send our log messages to a syslog server instead. A syslog server is the
most popular place to store log messages, and administrators can easily monitor the
health of their networks based on the received information.

Syslog syntax

A syslog message has the following format:

seq no: timestamp: %FACILITY-SEVERITY-MNEMONIC: message text

Each portion of a syslog message has a specific meaning:


+ Seq no: A sequence number. It appears only if the service sequence-numbers global
configuration command is configured.
+ Timestamp: Date and time of the message or event. This information appears only if the
service timestamps global configuration command is configured.
+ FACILITY: The protocol, module, or process that generated the message. Some
examples are SYS for the operating system, IF for an interface…
+ SEVERITY: A number from 0 to 7 designating the importance of the action reported. The
levels are:

Level   Keyword         Description
0       emergencies     System is unusable
1       alerts          Immediate action is needed
2       critical        Critical conditions exist
3       errors          Error conditions exist
4       warnings        Warning conditions exist
5       notification    Normal, but significant, conditions exist
6       informational   Informational messages
7       debugging       Debugging messages

Note: You can remember the order above with the sentence: “Eventually All Critical Errors
Will Not Involve Damage”.

The highest level is level 0 (emergencies). The lowest level is level 7 (debugging). To change
the minimum severity level that is sent to syslog, use the logging trap level configuration
command. If you specify a level, that level and all the higher (numerically lower) levels will
be displayed. For example, with the logging console warnings command, all messages at the
emergencies, alerts, critical, errors and warnings levels will be displayed. Levels 0 through 4
are for events that could seriously impact the device, whereas levels 5 through 7 are for
less important events. By default, syslog servers receive informational messages (level 6).

+ MNEMONIC: A code that identifies the action reported.
+ message text: A plain-text description of the event that triggered the syslog message.

Let’s see an example of the syslog message:

39345: May 22 13:56:35.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down

+ seq no: 39345
+ Timestamp: May 22 13:56:35.811
+ FACILITY: LINEPROTO
+ SEVERITY level: 5 (notification)
+ MNEMONIC: UPDOWN
+ message text: Line protocol on Interface Serial0/0/1, changed state to down

Syslog Configuration

The following example tells the device to send syslog messages to a server at 10.10.10.150
and to limit the messages to levels 4 and higher (0 through 4):

Router(config)#logging 10.10.10.150
Router(config)#logging trap 4

Of course, the server 10.10.10.150 must run syslog software to capture the syslog
messages sent to it.
