In this article I covered configuration steps you need to take on your Cisco Router or Switch to send messages to remote syslog server. Most of the Cisco devices use the syslog protocol to manage system logs and alerts. Syslog server is used to maintain log messages at centralized location, It improves the manageability of any size network and can decrease response times to resolve problems. Sending router log messages to a remote server also allows longer archiving of messages because Syslog server will have more storage than Cisco Router or Switch. Messages stored by syslog Server have permanence but Router doesn’t. When a router is reloaded or power cycled, the messages in its log are erased. In Syslog server there is a change view log messages even if Router power off.
Note: Before configuring a Cisco device to send syslog messages, make sure that it is configured with the right date, time, and time zone. Syslog data would be useless for troubleshooting if it shows the wrong date and time. You should configure all network devices to use NTP. Using NTP ensures a correct and synchronized system clock on all devices within the network. Setting the devices with the accurate time is helpful for event correlation.
Step by Step Syslog Server Configuration on Cisco Router
If you are configuring a Cisco Router for syslog logging then please follow the steps below:
1. Configure the Router to timestamp syslog messages and it helpful for troubleshooting. The options for the type keyword are debug and log.
Hostname or A.B.C.D IP address of the logging host
alarm Configure syslog for alarms
buffered Set buffered logging parameters
buginf Enable buginf logging for debugging
cns-events Set CNS Event logging level
console Set console logging parameters
count Count every log message and timestamp last occurance
discriminator Create or modify a message discriminator
esm Set ESM filter restrictions
event Global interface events
exception Limit size of exception flush output
facility Facility parameter for syslog messages
filter Specify logging filter
history Configure syslog history table
host Set syslog server IP address and parameters
ip IP configuration
listen MWAM/SAMI remote console and logging listen enabler
message-counter Configure log message to include certain counter value
monitor Set terminal line (monitor) logging parameters
on Enable logging to all enabled destinations
origin-id Add origin ID to syslog messages
persistent Set persistent logging parameters
prefix Configure logging prefix version
rate-limit Set messages per second limit
reload Set reload logging level
source-interface Specify interface for source address in logging transactions
system enable/disable System Event Log
trap Set syslog server logging level
userinfo Enable logging of user info on privileged mode enabling
Router(config)# service timestamps type datetime [msec] [localtime] [show-timezone]
2. Enable logging on Router by issuing the logging on command from global configuration mode.
Router(config)# logging on
3. In order to specify the Essentials server that is to receive the router syslog messages, issue the logging ip_address command. ip_address is the address of the server that collects the syslog messages.
Router(config)# logging 126.96.36.199
4. Now you can limit the types of messages that can be logged to the Syslog server, set the appropriate logging trap level with the logging trap command. The informational portion of the command signifies severity level 6. This means all messages from level 0-5 (from emergencies to notifications) are logged to the Essentials server.
Router(config)# logging trap informational
Valid logging facilities are local0 through local7. Valid levels are:
5. Specifies the facility level used by the syslog messages; the default is local7. Possible values are local0, local1, local2, local3, local4, local5, local6, and local7.
Router(config)# logging facility facility-type
6. In order to verify if the device sends syslog messages, run the sh logging command.
Example: Syslog Server Configuration on Router
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#service timestamps debug datetime localtime show-timezone msec
Router(config)#service timestamps log datetime localtime show-timezone msec
Router(config)#logging facility local3
Router(config)#logging trap informational
Find Syslog Logging Statistics with Show Logging Command
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
Console logging: level debugging, 79 messages logged
Monitor logging: level debugging, 0 messages logged
Buffer logging: disabled
Trap logging: level informational, 80 message lines logged
Logging to 188.8.131.52, 57 message lines logged
Filed Under: Syslog
About the Author: