Practice Exams  
  - CCNA -  
  - CCSP -  
  - CCIE -  
  Search the Web  
  Certification Kits
  Subnet Calculator  
  Online Degrees  
  Exam Vouchers  
  Free Magazines  

CCSP TechNotes - SND 642-551
Implement Syslog Logging
Implement Syslog Logging

By default, events and debug messages are sent to the console and are not archived. Routers can be configured to output the messages to the terminal (i.e. Telnet session) or store them in an internal RAM buffer, but to allow proper archiving for future use such as troubleshooting, security audits, and forensics, syslog messages can be logged to a central syslog server. A syslog server is a daemon running on a server operating system such as Windows or Linux. Several freeware syslog servers are available for download on the web. Messages sent to a syslog server are addressed to UDP port 514, and include the time of the event, the severity level, and the message body. The following is an example of a typical message:

Dec 11 17:45:08: %TCP-6-BADAUTH: Invalid MD5 digest from to

Syslog messages have a severity level ranging from 0 to 7, where 0 is the most severe. When you log to the console, all events (up to level 7) are logged, and when you log to a syslog server, events up to level 6 are logged. The following table shows the severity levels and their names:


Level name




Router unusable



Immediate action needed



Critical conditions



Error conditions



Warning conditions



Normal but important conditions



Informational messages



Debugging messages

Higher level events, thus less critical, are not always interesting and logging them all may use up too many system and network resources. When you configure syslogging, you can specify the severity level. The default is informational (level 6), which means level 7 debugging messages are ignored and everything else is logged. Use the following commands to configure a router to use syslogging to send messages to a central syslog server.

Enable logging to syslog server:
Router(config)# logging ip address

Configure the maximum severity level for syslog messages:
Router(config)# logging trap level

For example, to configure a router to log messages with a severity from 0 to 4 to a syslog server with IP address, use the following commands:
Router(config)# logging
Router(config)# logging trap warnings

The level option for the logging trap command can also be the level number. If you configured host mappings or a DNS server, you can use the hostname instead of the IP address of the syslog server. The show logging command can be used to display configured syslog routers and severity levels. As mentioned in the Management Protocol TechNotes, syslog traffic is send in plaintext format, hence should be sent only over secure channels.

Cisco CCNA Labs – Are you looking for Cisco Labs? We have Cisco CCNA Labs, Cisco CCNP Labs and Cisco Video Training that you will bring your Cisco routing & switching skills to the next level. Click Here for more Cisco Training!

Current related exam objectives for the CCSP 642-551 SND exam:

Implement security on a Cisco IOS Router
- Implement Syslog logging

Click here for the complete list of exam objectives.

Discuss this TechNote here Author: Johan Hiemstra


Featured Sponsors

TrainSignal - “Hands On” computer training for IT professionals. Network+ Training, MCSE, Cisco & more! Visit Train Signal’s free training site to get loads of Free Computer Training, videos, articles and practice exams.


All images and text are copyright protected, violations of these rights will be prosecuted to the full extent of the law.
2002-2011 TechExams.Net | Advertise | Disclaimer

TechExams.Net is not sponsored by, endorsed by or affiliated with Cisco Systems, Inc. Cisco®, Cisco Systems®, CCDA™, CCNA™, CCDP™, CCNP™, CCIE™, CCSI™; the Cisco Systems logo and the CCIE logo are trademarks or registered trademarks of Cisco Systems, Inc. in the United States and certain other countries.

IT Showcase