You can view Syslog messages on the Cisco CLI using the following commands.
On the console line:
R(config)#logging console
On a terminal (VTY) line (SSH, Telnet):
R#terminal monitor
The full Syslog message format in Cisco IOS is as follows:
seq no:timestamp: %facility-severity-MNEMONIC: event
Seq No:
A sequence number that identifies the message's position in order.
This is useful because sometimes the output can appear out of order on the screen.
You will not see this often because it is disabled by default.
The following command enables sequence numbers:
R(config)#service sequence-numbers
Timestamp:
Date and time of the message or event.
Timestamps are also disabled by default, but you will see them enabled on almost all systems because it is very important to identify the time at which events were triggered.
The following command enables timestamps:
R(config)#service timestamps log datetime
Facility:
This tells the protocol, module, or process that generated the message.
The following are common facilities you may encounter:
SYS for the operating system
IF for an interface
LINK for physical links
LINEPROTO for line protocol
Severity:
A number from 0 to 7 designating the importance of the action reported.
The levels are:
Levels 0 through 4 are for events that could seriously impact the device, whereas levels 5 through 7 are for less-important events.
By default, Syslog servers receive informational messages (level 6).
To change the minimum severity level that is shown on the console, use the following command.
R(config)#logging console <severity level>
To change the minimum severity level that is shown on the terminal, use the following command.
R(config)#logging monitor <severity level>
If you specify a level, that level and all higher-severity levels (lower numbers) will be displayed.
For example, with the logging console warnings command, messages at the emergencies, alerts, critical, errors, and warnings levels will be displayed.
MNEMONIC:
A string that describes the message in short.
Event:
A plain-text description of the event that triggered the Syslog message.
Now let's analyze a typical Syslog message
*Jun 16 16:41:14.958: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up
Seq No: none (not configured)
Timestamp: Jun 16 16:41:14.958
FACILITY: LINK
SEVERITY level: 3 (errors)
MNEMONIC: UPDOWN
Event: Interface Ethernet0/0, changed state to up
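The breakdown above, written as a small Python parser. This is an added example, not part of the original post; it assumes datetime timestamps as enabled earlier, and the function names, the regular expression, and the sample lines marked as constructed are this example's own.

```python
import re

# Cisco IOS severity keywords; list index = numeric level (0 is most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# [seq no:] [timestamp:] %FACILITY-SEVERITY-MNEMONIC: event
# Sequence number and timestamp are optional: both services can be disabled.
# IOS prefixes the timestamp with '*' when the clock is not authoritative.
LINE_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s*)?"
    r"(?:(?P<clock>[*.])?(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s+[\d:.]+):\s*)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<event>.*)$"
)

def parse(line):
    """Split one IOS syslog line into its fields; None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    fields["severity_name"] = SEVERITIES[fields["severity"]]
    return fields

def is_displayed(message_severity, configured_level):
    """Mirror 'logging console <level>': that level and more severe ones pass."""
    if isinstance(configured_level, str):
        configured_level = SEVERITIES.index(configured_level)
    return message_severity <= configured_level

# First line is the page's example; the other two are constructed samples.
SAMPLES = [
    "*Jun 16 16:41:14.958: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up",
    "000045: *Jun 16 16:41:15.958: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up",
    "%SYS-5-CONFIG_I: Configured from console by console",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        msg = parse(raw)
        shown = is_displayed(msg["severity"], "warnings")
        print(msg["seq"], msg["timestamp"], msg["facility"], msg["severity_name"],
              msg["mnemonic"], "shown" if shown else "filtered")
```

Lines that do not follow the format, such as ones stamped with uptime instead of a date, return None and can be set aside for manual review.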
Storing Syslog Data
By default, any Cisco IOS device stores its Syslog messages in its internal buffer of 4 Mb.
You can increase the buffer size with the following command.
R(config)#logging buffered <size>
Or you can configure a dedicated Syslog server to store Syslog data and give its IP address with the following command:
Router(config)#logging <ip address of the syslog server>
To change the minimum severity level that is sent to the server, use the following command.
Router(config)#logging trap <severity level>
The server must run Syslog software to capture the Syslog messages sent to it.