Skip to main content

Syslog (Cisco) – System Message Logging

  • Cisco devices try to notify administrators when major or minor events take place in the connected network.  This notifications or messages are called Syslog messages.
  • Cisco devices can be configured to show Real-time messages and stored log messages.

Real-Time Messages

Real-time messages for Console users

By default, Cisco IOS displays log messages to console users for all severity levels of messages. Because of the default logging console global configuration command.

Real-time messages for Telnet and SSH users

  •             By default, Cisco IOS has global configuration command – logging monitor that tells IOS to allow the sending of log messages to all logged users.
  •       But, that default configuration is not sufficient to allow the user to view the log messages. terminal monitor EXEC command should be issued by the user during the login session to inform IOS that this terminal session would like to receive log messages.

Stored Log Messages

After sending the messages to console and terminal sessions, IOS can discard the message. To keep a copy of the log messages for later review, IOS provides 2 ways to save a copy.

Storing Log message inside the device

  •            logging buffered global configuration command is used to store copies of the log messages in the device’s RAM.
  •      Show logging EXEC command can be issued by the user later at any time to see the syslog messages.

Storing messages centrally on a syslog server

  •      Syslog protocol defined by RFC5424 as a means by which a device like router or switch can use a UDP protocol to send messages to a syslog server for storage.
  •      logging {addresslhostname} global command is used to configure a switch or router to send log messages to a syslog server, where address is the IP address or hostname is the hostname of the syslog server.







Comments

Popular posts from this blog