As Cisco has had the CCENT and CCNA exams evolve over the years, one of the new topics you can see on the exam is Syslog. Just merely understanding how routing or switching works at a high level is not good enough these days to pass the CCENT or CCNA exam and more importantly be able to get a job managing a Cisco network. Now days with high unemployment the requirements to secure that entry level networking position is higher than ever as employers are looking for the brightest and best. So let’s talk a little about a concept you will see on the exam and you will also use extensively in the real world. So before I go too far into Syslog, let’s take a look at our CCNA exam question and then we will explain the theory behind it.
Syslog was configured with a level 2 trap. Which types of logs would be generated (choose all applicable)
A. Emergencies
B. Alerts
C. Critical
D. Errors
E. Warnings
F. Notification
G. Informational
Wow, there is a lot of choices there. So to make sure we pick the right one on our CCNA exam we need to understand Syslog inside and out. So what is Syslog and how does it work?
Syslog is nothing more than a server that generally provides a centralized location for you to send all your logging information for ease of reviewing. It would really be a pain in the butt if you had to telnet to each individual router to review the log files. So a Syslog server makes you life much easier in providing a centralized location for these messages.
A router or a switch can be configured to send debug and error messages to a logging process. This logging process controls the type of error messages that are stored in switch memory or sent to a remote Syslog server. The system allows you to specify which levels are logged to RAM or flash memory based on the severity of the information from least at 7 which is debugging, to most severe at 0 which is emergencies.
When one configures the trap level, less severe messages are not logged. Therefore a level 2 trap would log emergencies, alerts and critical messages only. The table below shows the various levels which can be configured.
The Message Logging is divided into 8 levels as listed below:
| Level | Keyword | Description |
| 0 | emergencies | System is unusable |
| 1 | alerts | Immediate action is needed |
| 2 | critical | Critical conditions exist |
| 3 | errors | Error conditions exist |
| 4 | warnings | Warning conditions exist |
| 5 | notification | Normal, but significant, conditions exist |
| 6 | informational | Informational messages |
| 7 | debugging | Debugging messages |
So as we can see from the table above the correct answer to our question would be A, B, and C as the rest of them are ignored. Now one other thing you will want to keep in mind while taking the exam is that we actually made this question kind of easy in that we keep the severity levels in order. On the real CCENT or CCNA exam Cisco probably will not keep the severity levels in order. So try to memorize them as this is a common type of question to see on the exam.
So do you want to have the ability to really see this in action in your own CCENT or CCNA lab?
But in the meantime if you want to start studying your CCENT and CCNA concepts on the best home lab setups, check out what we have to offer below so you can configure your very own Syslog server as that is lab 9-5!
