07-24-2019 12:15 PM
Good day gents and ladies - easy question; we have a SIEM in place and I'm supposedly not sending enough logs from my routers to it. Can one of you guide me on how to set it up so that everything gets sent to this syslog server? This is what I have...
logging history size 500
logging history debugging
logging trap debugging
logging source-interface GigabitEthernet0/1.1
logging host 1X2.2X.5.25
logging host 10.100.X.62
Am I doing something wrong here? On that same token, if I do a sh logging on my routers there are only a few items on there - never what you are looking for a week ago. Thanks for any help.
MR.
07-24-2019 03:48 PM
| Step | Command | Purpose |
| --- | --- | --- |
| 1 | Router# configure terminal | Enters global configuration mode. |
| 2 | Router(config)# service timestamps type datetime [msec] [localtime] [show-timezone] | Instructs the system to timestamp syslog messages; the options for the type keyword are debug and log. |
| 3 | Router(config)# logging host | Specifies the syslog server by IP address or host name; you can specify multiple servers. |
| 4 | Router(config)# logging trap level | Specifies the kind of messages, by severity level, to be sent to the syslog server. The default is informational and lower. The possible values for level are as follows: Emergency: 0 Use the debug level with caution, because it can generate a large amount of syslog traffic in a busy network. |
| 5 | Router(config)# logging facility facility-type | Specifies the facility level used by the syslog messages; the default is local7. Possible values are local0, local1, local2, local3, local4, local5, local6, and local7. |
| 6 | Router(config)# End | Returns to privileged EXEC mode. |
| 7 | Router# show logging | Displays logging configuration. |
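An added example, not part of the thread: a small Python check that reads IOS-style configuration text and reports which of the syslog settings from the steps above are present. The function name `audit_logging`, the sample configurations and their addresses are constructed for illustration, and the `logging buffered` check is an assumption added because the question mentions how little `show logging` retains locally.

```python
import re

# Severity keywords accepted by "logging trap"; list index = numeric level.
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

def audit_logging(config, min_level=6):
    """Return syslog-export settings and gaps found in IOS-style config text."""
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]
    hosts = [m.group(1) for ln in lines
             if (m := re.match(r"logging host (\S+)", ln))]
    level = 6  # default trap level is informational when no line sets it
    for ln in lines:
        m = re.match(r"logging trap (\S+)$", ln)
        if m and m.group(1).isdigit():
            level = int(m.group(1))
        elif m and m.group(1) in SEVERITY:
            level = SEVERITY.index(m.group(1))
    stamped = any(re.match(r"service timestamps log datetime\b", ln) for ln in lines)
    findings = []
    if not hosts:
        findings.append("no 'logging host': nothing is exported")
    if level < min_level:
        findings.append(f"trap level {level} drops severities {level + 1}-7")
    if not stamped:
        findings.append("no 'service timestamps log datetime': messages not datetime-stamped")
    if not any(ln.startswith("logging buffered") for ln in lines):
        findings.append("no 'logging buffered': local buffer left at platform default")
    return {"hosts": hosts, "trap_level": level, "findings": findings}

# Constructed sample shaped like the configuration in the question.
ASKER_STYLE = """
logging history size 500
logging history debugging
logging trap debugging
logging source-interface GigabitEthernet0/1.1
logging host 192.0.2.25
logging host 198.51.100.62
"""

# Constructed sample with the timestamp and local-buffer lines added.
HARDENED = ASKER_STYLE + """
service timestamps log datetime msec localtime show-timezone
logging buffered 64000
"""

if __name__ == "__main__":
    for name, cfg in (("asker-style", ASKER_STYLE), ("hardened", HARDENED)):
        print(name, audit_logging(cfg))
```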