cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
795461
Views
139
Helpful
12
Comments
TCC_2
Level 10
Level 10

 

Introduction

Many network administrators overlook the importance of router logs. Logging can use for fault notification, network forensics, and security auditing.

 

Cisco routers log messages can handle in five different ways:

 

 

 

Console logging:By default, the router sends all log messages to its console port. Hence only the users that are physically connected to the router console port can view these messages.

 

 

Terminal logging:It is similar to console logging, but it displays log messages to the router's VTY lines instead. This is not enabled by default   
Buffered logging:This type of logging uses router's RAM for storing log messages. buffer has a fixed size to ensure that the log will not deplete valuable system memory. The router accomplishes this by deleting old messages from the buffer as new messages are added.

 

 

Syslog Server logging :The router can use syslog to forward log messages to external syslog servers for storage. This type of logging is not enabled by default.

 

 

SNMP trap logging:The router is able to use SNMP traps to send log messages to an external SNMP server.


Sample router log messages:

 


Level

 

Level name

 

Router messages

0EmergenciesSystem shutting down due to missing fan tray
1Alerts Temperature limit exceeded
2CriticalMemory allocation failures
3Errors Interface Up/Down messages
4WarningsConfiguration file written to server, via SNMP request
5NotificationsLine protocol Up/Down
6InformationAccess-list violation logging
7DebuggingDebug messages

 

Configuration Overview:

 

A)Console logging:

The router does not check if a user is logged into the console port or a device is attached to it; if console logging is enabled, messages are always sent to the console port that can cause CPU load.

 

To stop the console logging, use the "no logging console" global configuration command .you might want to limit the amount of messages sent to the console with the "logging console level" configuration command (for example, logging console Informational).

 


B) Buffered logging:

You want your router to record log messages, instead of just displaying them on the console.To use logging buffered configuration command to enable the local storage of router log messages:

 

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#logging buffered informational
Router(config)#end


You can also Set the Log Size on router.


Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#logging buffered 64000
Router(config)#end

 

C) Terminal logging:You want the router to display log messages to your VTY session in real time.Use the terminal monitor command to enable the displaying of log messages to your VTY:

 

Router#terminal monitor
Router#


To disable logging to your VTY session, use the following command:

Router#terminal no monitor
Router#


D) Syslog Server logging:

You want to send log messages to a remote syslog server. By using this we can send messages to an external device for storing this logs and the storage size does depend on the available disk space of the external syslog server. This option is not enabled by default.


If you have any syslog server please find the below simple config.


router#conf t

Router(config#logging host x.x.x.x

Router(config)#logging traps (i.e 0 1 2 3 4 5 .. according to your requirement)


before enabling logging be sure that your router is properly configure to collect proper time from any NTP server or manually configure to get time


Command to set time manually on router is (set clock) or to use ntp server use “ntp server x.x.x.x” to sync clock to router.


Use the logging source-interface configuration command to specify a particular IP address for syslog messages:

Router(config)#logging source-interface Loopback0

 

E) Clearing the Router's Log

Use the clear logging command to clear the router's internal log buffer:

Router#clear logging
Clear logging buffer [confirm]<enter>
Router#

 

F) To display the state of system logging (syslog) and the contents of the standard system logging message buffer,, use the show logging privileged EXEC command.

Router# show logging


Syslog logging: enabled

     Console logging: disabled

     Monitor logging: level debugging, 266 messages logged.

     Trap logging: level informational, 266 messages logged.

     Logging to 10.1.1.1


SNMP logging: disabled, retransmission after 30 seconds

    0 messages logged

Router#.

 

Related Information:

Troubleshooting, Fault Management, and Logging

Implementing Logging Services on Cisco ASR 9000 Series Routers.

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Logging Configuration and System Log Messages.
Configuration Change Notification and Logging.

Comments

Thanks a lot .. it's very useful to review the Logging for people that have short memory (like myself) 
^_^

 

best of luck

Loc Nguyen
Level 1
Level 1

Thanks, it is short and sweet.

gautham.com
Level 1
Level 1

Thank you, very short and easy to understand.

Reece Boucher
Level 1
Level 1

 The above is very helpful, but...

 

Is there a way to clear a config for all previous settings for a particular config item?

ie.

To set a new syslog server I would enter logging server 10.x.x.y, but how can I remove previous settings if they are not known (inherited a network that was largely unmanaged).

 

that is, there may be multiple logging servers already configured.

 

Basically I want to get back to a single logging server entry (the same applies to other settings such as DNS, NTP and local users).

 

thanks.

 

danielmanqui
Level 1
Level 1
Excelente !!! ¬.¬
dalhelo
Cisco Employee
Cisco Employee

Very helpful, thanks

Very useful thanks :)

naveen kadiam
Level 1
Level 1

Thanks for the clear information provided.

ToddHobbs22565
Level 1
Level 1

This is very helpful and easy to understand

bai
Level 1
Level 1

Thanks, it's useful.

AliDoskii
Level 1
Level 1

very helpful, Thanks

Wonxie
Level 1
Level 1

excellent and brief writeup .loved it.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Review Cisco Networking for a $25 gift card