Many network administrators overlook the importance of router logs. Logging can use for fault notification, network forensics, and security auditing.
Cisco routers log messages can handle in five different ways:
Console logging:By default, the router sends all log messages to its console port. Hence only the users that are physically connected to the router console port can view these messages.
Terminal logging:It is similar to console logging, but it displays log messages to the router's VTY lines instead. This is not enabled by default Buffered logging:This type of logging uses router's RAM for storing log messages. buffer has a fixed size to ensure that the log will not deplete valuable system memory. The router accomplishes this by deleting old messages from the buffer as new messages are added.
Syslog Server logging :The router can use syslog to forward log messages to external syslog servers for storage. This type of logging is not enabled by default.
SNMP trap logging:The router is able to use SNMP traps to send log messages to an external SNMP server.
Sample router log messages:
System shutting down due to missing fan tray
Temperature limit exceeded
Memory allocation failures
Interface Up/Down messages
Configuration file written to server, via SNMP request
Line protocol Up/Down
Access-list violation logging
The router does not check if a user is logged into the console port or a device is attached to it; if console logging is enabled, messages are always sent to the console port that can cause CPU load.
To stop the console logging, use the "no logging console" global configuration command .you might want to limit the amount of messages sent to the console with the "logging console level" configuration command (for example, logging console Informational).
B) Buffered logging:
You want your router to record log messages, instead of just displaying them on the console.To use logging buffered configuration command to enable the local storage of router log messages:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#logging buffered informational Router(config)#end
You can also Set the Log Size on router.
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#logging buffered 64000 Router(config)#end
C) Terminal logging:You want the router to display log messages to your VTY session in real time.Use the terminal monitor command to enable the displaying of log messages to your VTY:
Router#terminal monitor Router#
To disable logging to your VTY session, use the following command:
Router#terminal no monitor Router#
D) Syslog Server logging:
You want to send log messages to a remote syslog server. By using this we can send messages to an external device for storing this logs and the storage size does depend on the available disk space of the external syslog server. This option is not enabled by default.
If you have any syslog server please find the below simple config.
Router(config#logging host x.x.x.x
Router(config)#logging traps (i.e 0 1 2 3 4 5 .. according to your requirement)
before enabling logging be sure that your router is properly configure to collect proper time from any NTP server or manually configure to get time
Command to set time manually on router is (set clock) or to use ntp server use “ntp server x.x.x.x” to sync clock to router.
Use the logging source-interface configuration command to specify a particular IP address for syslog messages:
Router(config)#logging source-interface Loopback0
E) Clearing the Router's Log
Use the clear logging command to clear the router's internal log buffer:
I have the below diagram. - 4 L3 switches running OSPF (L3#1,L3#2,L3#3,L3#4)- There will be 2 internet links with 2 ISP- Each ISP will be terminated in its Router I want to use ISP 1 as primary for internet & ISP2 as secondaryHow to design i...
Hi Guys, So I have a requirement where I need to setup a fairly complicated NAT config, and at the same time dealing with 2 or 3 other companies that are connecting different parts of the network and limiting my testing possibilities. It's goin...
I was attempting to upgrade my Catalyst 3850 in my lab from IOS XE version 03.03.01 to 16.09.04. I copied the file to flash from a flash drive and ran the command:
software install flash:/<.bin>
where <.bin> is the new im...
Configure a script that will prepare a WAN router to receive voice over IP traffic on interface fa0/0 and ensure it survives with the correct markings on the WAN link fa0/1 during times of congestion. Script must:match traffic that has DSCP marking EFset ...
I have an access point connected to a 3750x switch. It looks like it isn't drawing enough power because I get an amber power light. I had this problem once before with a different switch vendor and I hard to configure some specific commands. After that, t...