Cisco CCNA Syslog Features

Syslog is a standard for logging messages.  By default it sends messages via UDP port 514.  Cisco messages are broken into eight levels (0 – 7).  When a level is set, messages at that level and at every higher (more severe, lower-numbered) level are logged.

Common syslog facilities are IP, OSPF protocol, SYS operating system, IP Security, Route Switch Processor and Interface.

The Syslog messages are a combination of facility and level.

 

•Devices produce syslog messages
•Syslog messages contain level and facility
•Common syslog facilities:
    •IP
    •OSPF protocol
    •SYS operating system
    •IP Security (IPsec)
    •Route Switch Processor (RSP)
    •Interface
•Syslog levels:
    •Emergency (level 0, highest level)
    •Alert (level 1)
    •Critical (level 2)
    •Error (level 3)
    •Warning (level 4)
    •Notice (level 5)
    •Informational (level 6)
    •Debugging (level 7)

 

Cisco CCNA Syslog Message

Documentation for each Syslog release explains the meaning of the messages.  You can see one in the example above broken down into four sections.

Cisco CCNA Syslog Example

As you can see from the Syslog output generated, there can be a lot of information to process.

Syslog messages can be very useful when troubleshooting a problem or when investigating something that occurred earlier, possibly a security-relevant event.

08:01:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up

08:01:23: %DUAL-5-NBRCHANGE: EIGRP-IPv4:(1) 1: Neighbor 10.1.1.1 (Vlan1) is up: new adjacency

08:02:31: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up

08:18:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down

08:18:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up

08:18:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down

08:18:24: %ILPOWER-5-IEEE_DISCONNECT: Interface Fa0/2: PD removed

08:18:26: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down

08:19:49: %ILPOWER-7-DETECT: Interface Fa0/2: Power Device detected: Cisco PD

08:19:53: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to up

08:19:53: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

08:27:42: %SYS-5-CONFIG_I: Configured from console by vty1 (10.1.1.24)

08:29:32: %ILPOWER-7-DETECT: Interface Fa0/3: Power Device detected: IEEE PD

08:29:36: %LINK-3-UPDOWN: Interface FastEthernet0/3, changed state to up

08:29:36: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up

08:31:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down

08:31:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
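
One way to triage output like this is sketched below. It is an added example, not part of the original page or of any Cisco tool: it splits each message into facility, level and mnemonic, applies a trap level the way the device would, and pulls out the configuration change and the flapping interface. The function names are hypothetical, and SAMPLE is a subset of the lines shown above.

```python
import re
from collections import Counter

# Cisco message body: "timestamp: %FACILITY-SEVERITY-MNEMONIC: description"
MSG_RE = re.compile(r"^(?P<ts>\S+): %(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-"
                    r"(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$")

# Subset of the sample output shown on this page.
SAMPLE = """\
08:01:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
08:02:31: %LINK-3-UPDOWN: Interface FastEthernet0/8, changed state to up
08:18:20: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
08:18:22: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
08:19:49: %ILPOWER-7-DETECT: Interface Fa0/2: Power Device detected: Cisco PD
08:27:42: %SYS-5-CONFIG_I: Configured from console by vty1 (10.1.1.24)
08:31:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to down
08:31:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/5, changed state to up
"""

def parse(log_text):
    """Split each recognisable line into its fields; skip anything else."""
    matches = (MSG_RE.match(line.strip()) for line in log_text.splitlines())
    return [dict(m.groupdict(), sev=int(m["sev"])) for m in matches if m]

def within_trap(records, trap_level):
    """A trap level of N keeps severities 0..N (N and everything more severe)."""
    return [r for r in records if r["sev"] <= trap_level]

def config_changes(records):
    """SYS-5-CONFIG_I: return (time, line, source address) per configuration change."""
    found = []
    for r in records:
        if (r["facility"], r["mnemonic"]) == ("SYS", "CONFIG_I"):
            m = re.search(r"by (\S+) \(([^)]+)\)", r["text"])
            found.append((r["ts"], m.group(1), m.group(2)) if m else (r["ts"], None, None))
    return found

def flapping(records, min_changes=3):
    """Count LINEPROTO-5-UPDOWN events per interface; report the noisy ones."""
    counts = Counter()
    for r in records:
        m = re.search(r"Interface (\S+),", r["text"])
        if m and (r["facility"], r["mnemonic"]) == ("LINEPROTO", "UPDOWN"):
            counts[m.group(1)] += 1
    return {name: n for name, n in counts.items() if n >= min_changes}

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print(len(within_trap(recs, 5)), config_changes(recs), flapping(recs))
```

With a trap level of 5 the level 7 ILPOWER message is dropped while the SYS-5-CONFIG_I record of who changed the configuration, and from which address, is still forwarded.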

Cisco CCNA Syslog Configuration

Configuring logging to be sent to a syslog server is very easy.  Use the logging command to identify the IP address of the syslog server.  Use the logging trap command to set the level of logging (0 – 7).  Above you can see some of the common syslog configuration commands in use, such as setting the server, the trap levels and the buffers, and displaying the local logs.

sw# show logging ?

count    Show counts of each logging message

history  Show the contents of syslog history table

onboard  Onboard logging information

xml      Show the contents of XML logging buffer

|        Output modifiers