Implement Syslog Logging
By default, events and debug messages are sent to the console and are not archived. Routers can be configured to output the messages to the terminal (i.e. Telnet session) or store them in an internal RAM buffer, but to allow proper archiving for future use such as troubleshooting, security audits, and forensics, syslog messages can be logged to a central syslog server. A syslog server is a daemon running on a server operating system such as Windows or Linux. Several freeware syslog servers are available for download on the web. Messages sent to a syslog server are addressed to UDP port 514, and include the time of the event, the severity level, and the message body. The following is an example of a typical message:
Dec 11 17:45:08: %TCP-6-BADAUTH: Invalid MD5 digest from 10.2.0.9:1778 to 10.146.50.21:179
Syslog messages have a severity level ranging from 0 to 7, where 0 is the most severe. When you log to the console, all events (up to level 7) are logged, and when you log to a syslog server, events up to level 6 are logged. The following table shows the severity levels and their names:
Level | Level name | Description
0 | Emergencies | Router unusable
1 | Alerts | Immediate action needed
2 | Critical | Critical conditions
3 | Errors | Error conditions
4 | Warnings | Warning conditions
5 | Notifications | Normal but important conditions
6 | Informational | Informational messages
7 | Debugging | Debugging messages
Higher-level events, which are less critical, are not always of interest, and logging all of them can consume excessive system and network resources. When you configure syslogging, you can specify the severity level. The default is informational (level 6), which means that level 7 debugging messages are ignored and everything else is logged. Use the following commands to configure a router to send syslog messages to a central syslog server.
Enable logging to syslog server:
Router(config)# logging <ip address>
Configure the maximum severity level for syslog messages:
Router(config)# logging trap <level>
For example, to configure a router to log messages with a severity from 0 to 4 to a syslog server with IP address 172.16.20.11, use the following commands:
Router(config)# logging 172.16.20.11
Router(config)# logging trap warnings
The level option of the logging trap command can also be given as the level number. If you configured host mappings or a DNS server, you can use the hostname instead of the IP address of the syslog server. The show logging command displays the configured syslog server and severity level. As mentioned in the Management Protocol TechNotes, syslog traffic is sent in plaintext, and hence should be sent only over secure channels.
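As an added example, not part of the original page, the following Python parser reads IOS-style syslog lines of the form shown above (timestamp, %FACILITY-SEVERITY-MNEMONIC tag, message text) and applies the same severity cutoff on the collector side that logging trap applies on the router, which is useful when checking that a collector stores what the router was configured to send. The sample lines are constructed; handling of an optional RFC 3164 <PRI> prefix (whose low three bits carry the severity) is an assumption about how the lines arrive at the collector.

```python
import re
from collections import namedtuple
from typing import List, Optional

# Severity names from the IOS table (index = level, 0 is the most severe).
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# IOS line layout: optional RFC 3164 <PRI>, optional sequence number, a timestamp,
# then the %FACILITY-SEVERITY-MNEMONIC tag and the message text.
_IOS_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?(?:\d+: )?"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}(?:\.\d+)?)(?: [A-Z]{3,4})?: "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<body>.*)$")

IosMessage = namedtuple("IosMessage", "timestamp facility severity mnemonic body")

def trap_level(level) -> int:
    """Accept a level number or name, as the 'logging trap' command does."""
    s = str(level).strip().lower()
    if s.isdigit() and int(s) <= 7:
        return int(s)
    return SEVERITY_NAMES.index(s)  # ValueError for an unknown name

def parse_ios_syslog(line: str) -> Optional[IosMessage]:
    m = _IOS_RE.match(line.strip())
    if not m:
        return None
    sev = int(m["sev"])
    # With a <PRI> header the low three bits carry the severity (RFC 3164); a
    # mismatch with the %FAC-SEV-MNEMONIC tag is treated as a malformed line.
    if m["pri"] is not None and int(m["pri"]) & 7 != sev:
        return None
    return IosMessage(m["ts"], m["fac"], sev, m["mnem"], m["body"])

def filter_messages(lines: List[str], level) -> List[IosMessage]:
    """Keep messages at or below the trap level (lower number = more severe)."""
    limit = trap_level(level)
    return [msg for msg in map(parse_ios_syslog, lines)
            if msg is not None and msg.severity <= limit]

# Constructed sample input; the first line is the message quoted in the text.
SAMPLE_LINES = [
    "Dec 11 17:45:08: %TCP-6-BADAUTH: Invalid MD5 digest from 10.2.0.9:1778 to 10.146.50.21:179",
    "<189>Dec 11 17:46:02: %SYS-5-CONFIG_I: Configured from console by vty0 (10.2.0.9)",
    "<188>Dec 11 17:46:40: %SYS-4-TEST_WARN: constructed warning line",
    "<191>Dec 11 17:47:30: %SYS-7-TEST_DEBUG: constructed debug line",
    "not an IOS syslog line at all",
]
```

Calling filter_messages(SAMPLE_LINES, "warnings") keeps only the level 4 line, matching the logging trap warnings configuration shown above.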