Syslog Tutorial with Cisco Device.
By default, Cisco routers and switches send log messages to the console. We should use a syslog server to contain our logging messages with the logging command. Syslog server is the most popular place to store logging messages and administrators can easily monitor the wealth of their networks based on the received information.
A syslog message has the following format:
|seq no:timestamp%FACILTY-SEVERITY-MNEMONIC: message text|
A detail explanation of what this means:
seq no : This a sequence number of the message, but not by default. for you to know the time the message was sent, you’ve got to configure it.
Timestamp : This means Data and time of the message or event, which also need to be configured
Facility : The facility to which the message refers.
Severity : this a single-digit code from 0 to 7 that shows the severity of the message.
MNEMONIC : Text string that uniquely describes the message.
Description : Text string containing detailed information about the event
|0||emergencies||System is unusable|
|1||alerts||Immediate action is needed|
|2||critical||Critical conditions exist|
|3||errors||Error conditions exist|
|4||warnings||Warning conditions exist|
|5||notification||Normal, but significant, conditions exist|
Let’s see an example of the syslog message:
|12345: Apr 12 20:00:35.823: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/2, changed state to down|
+ seq no: 12345
+ Timestamp: Apr 12 20:00:35.823
+ FACILTY: LINEPROTO
+ SEVERITY level: 5 (notification)
+ MNEMONIC: UPDOWN
+ message text: Line protocol on Interface Serial0/0/2, changed state to down
The following example tells the device to store syslog messages to a server on 10.10.9.9 and limit the messages for levels 4 and higher (0 through 4):
Router(config)#logging trap 4