Solved: Logging question on ISR Routers

mrochac · ‎07-24-2019

Good day gents and ladies - easy question; we have a SIEM in place and i'm supposedly not sending enough logs from my routers to it. Can one of you guide me on to setup so that everything gets sent to this syslog server, this is what i have...

logging history size 500
logging history debugging
logging trap debugging
logging source-interface GigabitEthernet0/1.1
logging host 1X2.2X.5.25
logging host 10.100.X.62

Am i doing something wrong here....on that same token, if i do a sh logging on my routers there is only a few items on there - never what you are looking for a week ago, thanks for any help.

MR.

balaji.bandi · ‎07-24-2019

Configuring Cisco Routers for Syslog

Step	Command	Purpose
1	Router# configure terminal	Enters global configuration mode.
2	Router(config)# service timestamps type datetime [msec] [localtime] [show-timezone]	Instructs the system to timestamp syslog messages; the options for the type keyword are debug and log.
3	Router(config)#logging host	Specifies the syslog server by IP address or host name; you can specify multiple servers.
4	Router(config)# logging trap level	Specifies the kind of messages, by severity level, to be sent to the syslog server. The default is informational and lower. The possible values for level are as follows: Emergency: 0 Alert: 1 Critical: 2 Error: 3 Warning: 4 Notice: 5 Informational: 6 Debug: 7 Use the debug level with caution, because it can generate a large amount of syslog traffic in a busy network.
5	Router(config)# logging facility facility-type	Specifies the facility level used by the syslog messages; the default is local7. Possible values are local0, local1, local2, local3, local4, local5, local6, and local7.
6	Router(config)# End	Returns to privileged EXEC mode.
7	Router# show logging	Displays logging configuration.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎07-24-2019

Configuring Cisco Routers for Syslog

Step	Command	Purpose
1	Router# configure terminal	Enters global configuration mode.
2	Router(config)# service timestamps type datetime [msec] [localtime] [show-timezone]	Instructs the system to timestamp syslog messages; the options for the type keyword are debug and log.
3	Router(config)#logging host	Specifies the syslog server by IP address or host name; you can specify multiple servers.
4	Router(config)# logging trap level	Specifies the kind of messages, by severity level, to be sent to the syslog server. The default is informational and lower. The possible values for level are as follows: Emergency: 0 Alert: 1 Critical: 2 Error: 3 Warning: 4 Notice: 5 Informational: 6 Debug: 7 Use the debug level with caution, because it can generate a large amount of syslog traffic in a busy network.
5	Router(config)# logging facility facility-type	Specifies the facility level used by the syslog messages; the default is local7. Possible values are local0, local1, local2, local3, local4, local5, local6, and local7.
6	Router(config)# End	Returns to privileged EXEC mode.
7	Router# show logging	Displays logging configuration.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help