Home > Syslog Tutorial

Syslog Tutorial

May 22nd, 2014 Go to comments

As an administrator of a network, you have just completed all the configuration and they are working nicely. Now maybe the next thing you want to do is to set up something that can alert you when something goes wrong or down in your network. Syslog is an excellent tool for system monitoring and is almost always included in your distribution.

Places to store and display syslog messages

There are some places we can send syslog messages to:

Place to store syslog messages Command to use
Internal buffer (inside a switch or router) logging buffered [size]
Syslog server logging
Flash memory logging file flash:filename
Nonconsole terminal (VTY connection…) terminal monitor
Console line logging console

Note: If sent to a syslog server, messages are sent on UDP port 514.

By default, Cisco routers and switches send log messages to the console. We should use a syslog server to contain our logging messages with the logging command. Syslog server is the most popular place to store logging messages and administrators can easily monitor the wealth of their networks based on the received information.

Syslog syntax

A syslog message has the following format:

seq no:timestamp%FACILTY-SEVERITY-MNEMONIC: message text

Each portion of a syslog message has a specific meaning:
+ Seq no: a sequence number only if the service sequence-numbers global configuration command is configured
+ Timestamp: Date and time of the message or event. This information appears only if the service timestamps global configuration command is configured.
+ FACILITY: This tells the protocol, module, or process that generated the message. Some examples are SYS for the operating system, IF for an interface…
+ SEVERITY: A number from 0 to 7 designating the importance of the action reported. The levels are:

Level Keyword Description
0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages

Note: You can remember the order above with the sentence: “Eventually All Critical Errors Will Not Involve Damage”.

The highest level is level 0 (emergencies). The lowest level is level 7. To change the minimum severity level that is sent to syslog, use the logging trap level configuration command. If you specify a level, that level and all the higher levels will be displayed. For example, by using the logging console warnings command, all the logging of emergencies, alerts, critical, errors, warnings will be displayed. Levels 0 through 4 are for events that could seriously impact the device, whereas levels 5 through 7 are for less-important events. By default, syslog servers receive informational messages (level 6).

+ MNEMONIC: A code that identifies the action reported.
+ message text: A plain-text description of the event that triggered the syslog message.

Let’s see an example of the syslog message:

39345: May 22 13:56:35.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down

+ seq no: 39345
+ Timestamp: May 22 13:56:35.811
+ FACILTY: LINEPROTO
+ SEVERITY level: 5 (notification)
+ MNEMONIC: UPDOWN
+ message text: Line protocol on Interface Serial0/0/1, changed state to down

Syslog Configuration

The following example tells the device to store syslog messages to a server on 10.10.10.150 and limit the messages for levels 4 and higher (0 through 4):

Router(config)#logging 10.10.10.150
Router(config)#logging trap 4

Of course on the server 10.10.10.150 we have to use a syslog software to capture the syslog messages sent to this server.

Comments (23) Comments
Comment pages
1 2 2162
  1. Feruz
    November 16th, 2015

    hi guys, could you tell me exactly what is the default level of syslog
    Thank you

  2. Chichi
    November 29th, 2015

    The default syslog severity level is six(6)

    The default syslog facility level is local7

    http://www.ciscopress.com/articles/article.asp?p=426638

  3. avi
    December 10th, 2015

    THANKS A LOT!!!

  4. seringesaine
    December 29th, 2015

    Please send me latest dumps at {email not allowed}

  5. ashraf
    January 21st, 2016

    hi any one plz send me latest dump in this email ? {email not allowed}

  6. pablocytue
    March 1st, 2016

    Please send me letest dumps, anyone….thank you, email me on {email not allowed}

  7. aqqqqqqqqqw
    March 13th, 2016

    1\

  8. suresh
    May 5th, 2016

    please send me latest dumps to this email {{email not allowed}}

  9. Eleandro
    May 14th, 2016

    ow Nice!

  10. Danny
    June 12th, 2016

    What is the Difference between default Syslog Facility level and Default Syslog servers level,

    As in question number 5 it asks for Syslog facility and the answer is Level 7 but in tutorial its about default syslog server level which is Level 6.

  11. zdall
    June 27th, 2016

    Please send me latest dumps at gratiashvilisergi yahoo . com
    thank you

  12. Raju
    July 24th, 2016

    Can i anyone please send me latest pdf dumps to me {email not allowed}

  13. Raju
    July 24th, 2016

    Can i anyone please send me latest pdf dumps to me youimprovedalot gmail.com

  14. bob
    August 19th, 2016

    Danny,
    If i’m sending the syslog messages to a server it will be level 6.
    If syslog is being sent to console, it is level 7

  15. PayAttention
    August 19th, 2016

    Hey 9tut :)
    There is something wrong the default Level is 7 (debugging)
    Source:
    http://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html
    “Defining the Message Severity Level”

  16. mub
    September 22nd, 2016

    thanks {email not allowed}

  17. mub
    September 22nd, 2016

    email geedeyare 12 @ gmail

  18. Anonymous
    October 1st, 2016

    Best description

  19. sophia
    October 5th, 2016

    Updated dumps available at http://pass4surekey.com/vendor/Cisco.html

  20. keith_anonymous
    December 11th, 2016

    Main thing is wrong is in this tutorial of syslog:

    0 Alert
    1 Emergency
    2 Critical
    3 Error
    4 warning
    5 Notification
    6 Informational
    7 debug

  21. 9tut
    December 11th, 2016

    @keith_anonymous: Our order is correct. Please read here at Table 3: http://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html

  22. Ganiga
    January 23rd, 2017

    hi…any one send me the updated dumps for v3 at ganigams6 gmail.com

  23. laszlo
    February 20th, 2017

    i want to take the icnd1 exam, can i get enough information to pass the exam here?

Comment pages
1 2 2162