Syslog Tutorial with Cisco Device.

Syslog Tutorial with Cisco Device.


By default, Cisco routers and switches send log messages to the console. We should use a syslog server to contain our logging messages with the logging command. Syslog server is the most popular place to store logging messages and administrators can easily monitor the wealth of their networks based on the received information.


A syslog message has the following format:

seq no:timestamp%FACILTY-SEVERITY-MNEMONIC: message text

A detail explanation of what this means:
seq no : This a sequence number of the message, but not by default. for you to know the time the message was sent, you’ve got to configure it.
Timestamp : This means Data and time of the message or event, which also need to be configured
Facility : The facility to which the message refers.
Severity : this a single-digit code from 0 to 7 that shows the severity of the message.
MNEMONIC : Text string that uniquely describes the message.
Description : Text string containing detailed information about the event

Level Keyword Description
0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages

Let’s see an example of the syslog message:

12345: Apr 12 20:00:35.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/2, changed state to down

seq no: 12345
Timestamp: Apr 12 20:00:35.823
SEVERITY level: 5 (notification)
message text: Line protocol on Interface Serial0/0/2, changed state to down

Syslog Configuration

The following example tells the device to store syslog messages to a server on and limit the messages for levels 4 and higher (0 through 4):


Router(config)#logging trap 4