Monday, April 8, 2013
How To Configure Cisco's Syslog Logging
In this blog entry I will outline the steps you need to take on your Cisco Router or Catalyst device to configure syslog logging.
If you are configuring a Cisco Router for syslog logging then please follow the steps below:
1. In order to ensure that logging is enabled, issue the logging on command.
Router(config)# logging on
2. In order to specify the Essentials server that is to receive the router syslog messages, issue the logging ip_address command. ip_address is the address of the server that collects the syslog messages.
Router(config)# logging 1.1.1.1
3. In order to limit the types of messages that can be logged to the Essentials server, set the appropriate logging trap level with the logging trap informational command. The informational portion of the command signifies severity level 6. This means all messages from level 0-5 (from emergencies to notifications) are logged to the Essentials server.
Router(config)# logging trap informational
Valid logging facilities are local0 through local7.
Valid levels are:
emergency
alert
critical
error
warning
notification
informational
debug
4. In order to verify if the device sends syslog messages, run the sh logging command. You see all the syslog messages that are sent. If you do not see syslog messages, ensure that this is configured:
logging on
logging console debug
logging monitor debug
logging trap debug
If you are configuring a Cisco Catalyst device for syslog logging please follow the steps below:
1. Ensure logging is enabled with the set logging server enable command.
Catalyst> (enable) set logging server enable
2. Specify the Essentials server that is to receive the router syslog messages with the set logging server server_ip command. server_ip is the IP address of the Essentials server.
Catalyst> (enable) set logging server 1.1.1.1
3. Limit the types of messages logged to the Essentials server. Enter set logging level informational, where informational signifies severity level 6. This means that all messages from level 0-5 (from emergencies to notifications) are logged to the Essentials server.
Catalyst> (enable) set logging server severity 6
4. In order to see if syslog messages are sent, use the sh logging buffer command. You see syslog messages that are sent. If you experience problems with switches, try this configuration:
set logging level all 7 default
set logging server enable
set logging server 1.1.1.1 (your unix syslog server ip address)
set logging server facility LOCAL7
set logging server severity 7
#syslog
set logging console enable
set logging server enable
set logging server 1.1.1.1
set logging level cdp 7 default
set logging level mcast 7 default
set logging level dtp 7 default
set logging level dvlan 7 default
set logging level earl 7 default
set logging level fddi 7 default
set logging level ip 7 default
set logging level pruning 7 default
set logging level snmp 7 default
set logging level spantree 7 default
set logging level sys 7 default
set logging level tac 7 default
set logging level tcp 7 default
set logging level telnet 7 default
set logging level tftp 7 default
set logging level vtp 7 default
set logging level vmps 7 default
set logging level kernel 7 default
set logging level filesys 7 default
set logging level drip 7 default
set logging level pagp 7 default
set logging level mgmt 7 default
set logging level mls 7 default
set logging level protfilt 7 default
set logging level security 7 default
set logging level radius 7 default
set logging level udld 7 default
set logging level gvrp 7 default
set logging server facility LOCAL7
!
Enter: sh logging
You see this output:
Logging buffer size: 500
timestamp option: enabled
Logging history size: 1
Logging console: enabled
Logging server: enabled {1.1.1.1}
server facility: LOCAL7
server severity: debugging(7)
Current Logging Session: enabled
Your Cisco device will now be configured for syslog logging.
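To confirm on the collector side that messages arrive with the facility and severity configured above, the following added example (not part of the original post) decodes the PRI value of a syslog datagram, where PRI = facility * 8 + severity, and checks it against a trap level. A message is forwarded when its severity number is at or below the configured trap level. The message layout `<PRI>seq: timestamp: %SOURCE-SEVERITY-MNEMONIC: text` and the sample lines are assumptions constructed for illustration.

```python
import re

# Severity keywords in numeric order 0-7, as listed on this page.
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notification", "informational", "debug"]

# Assumed layout: <PRI> ... %SOURCE-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(r"^<(\d{1,3})>.*?%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")

def parse(datagram):
    """Decode one syslog datagram; return a dict, or None if it does not parse."""
    m = LINE_RE.match(datagram.strip())
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI is local7.debug = 23*8 + 7
        return None
    facility, severity = divmod(pri, 8)
    return {
        "facility": f"local{facility - 16}" if 16 <= facility <= 23 else str(facility),
        "severity": severity,
        "severity_name": SEVERITIES[severity],
        "source": m.group(2),
        "mnemonic": m.group(4),
        "text": m.group(5),
        # The digit inside %X-n-Y should match the severity carried in PRI.
        "consistent": int(m.group(3)) == severity,
    }

def passes_trap(msg, trap_level):
    """True if a device set to this trap level would forward the message."""
    return msg["severity"] <= SEVERITIES.index(trap_level)

# Constructed sample datagrams (not captured from a real device);
# the third deliberately carries a PRI that disagrees with its text.
SAMPLES = [
    "<189>45: *Mar  1 00:05:12.003: %SYS-5-CONFIG_I: Configured from console by vty0",
    "<187>46: *Mar  1 00:05:40.511: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "<191>47: *Mar  1 00:06:02.120: %SEC-6-IPACCESSLOGP: list 101 denied tcp",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        msg = parse(raw)
        print(msg["facility"], msg["severity_name"], msg["source"],
              "consistent" if msg["consistent"] else "PRI/severity mismatch")
```

A message that arrives with a facility other than the one set on the device, or with a severity above the trap level, points to a different sender or a relay rewriting the header.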
Software 4 win: http://www.geardownload.com/internet/syslog-watcher-personal-edition-download.html
http://www.joshd.ca/content/how-configure-ciscos-syslog-logging