
Syslog Tutorial

May 22nd, 2014

As a network administrator, you have just finished configuring your devices and everything is working nicely. The next thing you probably want is something that can alert you when part of your network fails or goes down. Syslog is an excellent tool for system monitoring and is almost always included in your distribution.

Places to store and display syslog messages

There are some places we can send syslog messages to:

| Place to store syslog messages | Command to use |
|---|---|
| Internal buffer (inside a switch or router) | logging buffered [size] |
| Syslog server | logging |
| Flash memory | logging file flash:filename |
| Nonconsole terminal (VTY connection…) | terminal monitor |
| Console line | logging console |

Note: If sent to a syslog server, messages are sent on UDP port 514.

By default, Cisco routers and switches send log messages to the console. We should use the logging command to send our log messages to a syslog server instead. A syslog server is the most popular place to store log messages, and administrators can easily monitor the health of their networks based on the received information.

Syslog syntax

A syslog message has the following format:

seq no:timestamp%FACILITY-SEVERITY-MNEMONIC: message text

Each portion of a syslog message has a specific meaning:
+ Seq no: a sequence number only if the service sequence-numbers global configuration command is configured
+ Timestamp: Date and time of the message or event. This information appears only if the service timestamps global configuration command is configured.
+ FACILITY: This tells the protocol, module, or process that generated the message. Some examples are SYS for the operating system, IF for an interface…
+ SEVERITY: A number from 0 to 7 designating the importance of the action reported. The levels are:

| Level | Keyword | Description |
|---|---|---|
| 0 | emergencies | System is unusable |
| 1 | alerts | Immediate action is needed |
| 2 | critical | Critical conditions exist |
| 3 | errors | Error conditions exist |
| 4 | warnings | Warning conditions exist |
| 5 | notification | Normal, but significant, conditions exist |
| 6 | informational | Informational messages |
| 7 | debugging | Debugging messages |

Note: You can remember the order above with the sentence: “Eventually All Critical Errors Will Not Involve Damage”.

The highest level is level 0 (emergencies). The lowest level is level 7. To change the minimum severity level that is sent to syslog, use the logging trap level configuration command. If you specify a level, that level and all the higher levels (the lower-numbered, more severe ones) will be displayed. For example, by using the logging console warnings command, all messages at the emergencies, alerts, critical, errors and warnings levels will be displayed. Levels 0 through 4 are for events that could seriously impact the device, whereas levels 5 through 7 are for less-important events. By default, syslog servers receive informational messages (level 6).

+ MNEMONIC: A code that identifies the action reported.
+ message text: A plain-text description of the event that triggered the syslog message.

Let’s see an example of the syslog message:

39345: May 22 13:56:35.811: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/1, changed state to down

+ seq no: 39345
+ Timestamp: May 22 13:56:35.811
+ FACILITY: LINEPROTO
+ SEVERITY level: 5 (notification)
+ MNEMONIC: UPDOWN
+ message text: Line protocol on Interface Serial0/0/1, changed state to down
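
The breakdown above can be done mechanically on a log collector. The following is an added example, not code from the original tutorial: it parses the message format described in this section (with the optional seq no and timestamp fields) and applies the same severity cut-off that logging trap uses. The function names and every sample line except the first are constructed for illustration.

```python
import re

# Severity keywords as spelled in the tutorial's table (list index = level).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notification", "informational", "debugging"]

# seq no and timestamp are optional: they appear only when
# "service sequence-numbers" / "service timestamps" are configured.
MSG_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s+)?"            # "39345: "
    r"(?P<timestamp>[^%]*?)(?::\s*)?"    # "May 22 13:56:35.811: "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<text>.*)$"
)

# Constructed sample input; only the first line comes from the tutorial.
SAMPLE = [
    "39345: May 22 13:56:35.811: %LINEPROTO-5-UPDOWN: Line protocol on "
    "Interface Serial0/0/1, changed state to down",
    "39346: May 22 13:56:36.002: %LINK-3-UPDOWN: Interface Serial0/0/1, "
    "changed state to down",
    "%SYS-5-CONFIG_I: Configured from console by console",
    "not a syslog line",
]

def parse(line):
    """Split one message into its fields; return None if it does not match."""
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    d = m.groupdict()
    d["seq"] = int(d["seq"]) if d["seq"] else None
    d["timestamp"] = d["timestamp"].strip() or None
    d["severity"] = int(d["severity"])
    d["keyword"] = SEVERITIES[d["severity"]]
    return d

def filter_lines(lines, level):
    """Keep messages at `level` and every more severe (lower-numbered) level,
    the same cut-off that `logging trap <level>` applies on the device."""
    if isinstance(level, str):
        level = SEVERITIES.index(level)
    parsed = (parse(line) for line in lines)
    return [m for m in parsed if m is not None and m["severity"] <= level]

if __name__ == "__main__":
    for msg in filter_lines(SAMPLE, "warnings"):
        print(msg["seq"], msg["facility"], msg["keyword"], msg["text"])
```

With a cut-off of warnings (4), the level 5 LINEPROTO message from the tutorial is dropped and only the constructed level 3 LINK message is kept.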

Syslog Configuration

The following example tells the device to store syslog messages to a server on and limit the messages for levels 4 and higher (0 through 4):

Router(config)#logging trap 4

Of course, the server must run syslog software to capture the syslog messages sent to it.

Comments (32)
  1. Feruz
    November 16th, 2015

    hi guys, could you tell me exactly what is the default level of syslog
    Thank you

  2. Chichi
    November 29th, 2015

    The default syslog severity level is six(6)

    The default syslog facility level is local7


  3. avi
    December 10th, 2015


  4. seringesaine
    December 29th, 2015

    Please send me latest dumps at {email not allowed}

  5. ashraf
    January 21st, 2016

    hi any one plz send me latest dump in this email ? {email not allowed}

  6. pablocytue
    March 1st, 2016

    Please send me latest dumps, anyone….thank you, email me on {email not allowed}

  7. aqqqqqqqqqw
    March 13th, 2016


  8. suresh
    May 5th, 2016

    please send me latest dumps to this email {{email not allowed}}

  9. Eleandro
    May 14th, 2016

    ow Nice!

  10. Danny
    June 12th, 2016

    What is the Difference between default Syslog Facility level and Default Syslog servers level,

    As in question number 5 it asks for Syslog facility and the answer is Level 7 but in tutorial it's about default syslog server level which is Level 6.

  11. zdall
    June 27th, 2016

    Please send me latest dumps at gratiashvilisergi yahoo . com
    thank you

  12. Raju
    July 24th, 2016

    Can anyone please send me latest pdf dumps {email not allowed}

  13. Raju
    July 24th, 2016

    Can anyone please send me latest pdf dumps youimprovedalot gmail.com

  14. bob
    August 19th, 2016

    If i’m sending the syslog messages to a server it will be level 6.
    If syslog is being sent to console, it is level 7

  15. PayAttention
    August 19th, 2016

    Hey 9tut :)
    There is something wrong the default Level is 7 (debugging)
    “Defining the Message Severity Level”

  16. mub
    September 22nd, 2016

    thanks {email not allowed}

  17. mub
    September 22nd, 2016

    email geedeyare 12 @ gmail

  18. Anonymous
    October 1st, 2016

    Best description

  19. keith_anonymous
    December 11th, 2016

    The main thing that is wrong in this syslog tutorial:

    0 Alert
    1 Emergency
    2 Critical
    3 Error
    4 warning
    5 Notification
    6 Informational
    7 debug

  20. 9tut
    December 11th, 2016

    @keith_anonymous: Our order is correct. Please read here at Table 3: http://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html

  21. Ganiga
    January 23rd, 2017

    hi…any one send me the updated dumps for v3 at ganigams6 gmail.com

  22. laszlo
    February 20th, 2017

    i want to take the icnd1 exam, can i get enough information to pass the exam here?

  23. New*Dumps
    April 4th, 2017

    DOWNLOAD Latest VALID DUMPS at below website
    (AllinONE) that you need to clear exam.
    All LABS in Packet Tracer
    VCE + PDF


  24. Anonymous
    April 9th, 2017

    R2#show logging
    Syslog logging: enabled (11 messages dropped, 0 messages rate-limited,
    0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 6 messages logged, xml disabled,
    filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
    filtering disabled
    Buffer logging: disabled, xml disabled,
    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled

    No active filter modules.

    Trap logging: level informational, 12 message lines logged

  25. Nahro Asiacell
    August 8th, 2017

    Why can I not find the command below in Cisco Packet Tracer?

    service sequence-numbers

  26. Zippy
    October 16th, 2017

    planning to ccie security this year
    Guide me with your experiences
    Thank you

  27. ccna student
    October 17th, 2017

    Which two statements about syslog logging are true? (Choose two)
    A. Syslog logging is disabled by default
    B. Messages are stored in the internal memory of device
    C. Messages can be erased when device reboots
    D. Messages are stored external to the device
    E. The size of the log file is dependent on the resources of the device

    Which options do you think are correct?

  28. Rene
    December 5th, 2017

    Confirming the 552q dumps are valid.

  29. Snowkids
    January 14th, 2018

    @Rene, which 552Q dumps u are referring to? all questions in 9tut?

  30. fake
    February 20th, 2018


  31. Anonymous
    February 23rd, 2018

    Any one with updated dumps please…am in need

  32. Jack J
    July 2nd, 2018

    any latest CCNA dumps?
