06-18-2022 06:07 AM
I would like to see terminal logging output during an SSH session the same I would see when I am consoled into the device. What I mean by terminal logging is output to the terminal screen when events happen (OSPF neighbors connect, a port is disconnected, etc.)
I see this output when I am consoled into the device. However I do not see it in SSH.
How can I enable SSH to show terminal logging output?
Note: I am using Cisco IOU L3 Version 15.7(3)M2. And this is being run virtually in GNS3 2.2.22 via the ESXi appliance server.
Solved! Go to Solution.
06-18-2022 09:38 AM
Hi
You need to enable it by running "terminal monitor" command.
By default only console session have logging enabled.
06-18-2022 09:38 AM
Hi
You need to enable it by running "terminal monitor" command.
By default only console session have logging enabled.
06-21-2022 02:39 PM
Ok, I turned on "terminal monitor".
I then consoled into the router, and SSHed into it as well.
Then I disconnected one of the router's interface.
Console shows terminal logging messages that the interface went down.
SSH connection does not show any info.
I reconnected
Console shows terminal logging messages that the interface went up.
SSH connection does not show any info.
How do I enable the same messages from console in my ssh session? (line vty 0 4)
06-21-2022 10:45 PM
We need more information to be able to identify your issue and to suggest solutions. Please post the output of these commands:
show log (if the output is long the first couple of pages would be sufficient) show run | include log
06-22-2022 07:36 AM - edited 06-22-2022 07:39 AM
Hello @Richard Burts, here is what I found:
ios-isis-R2(config-if)#do show log Syslog logging: enabled (0 messages dropped, 13 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled) No Active Message Discriminator. No Inactive Message Discriminator. Console logging: level debugging, 34 messages logged, xml disabled, filtering disabled Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled Buffer logging: level debugging, 44 messages logged, xml disabled, filtering disabled Exception Logging: size (4096 bytes) Count and timestamp logging messages: disabled Persistent logging: disabled No active filter modules. Trap logging: level informational, 48 message lines logged Logging Source-Interface: VRF Name: Log Buffer (4096 bytes): : http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Wed 28-Mar-18 11:18 by prod_rel_team *Jun 22 14:31:29.115: %SSH-5-ENABLED: SSH 2.0 has been enabled *Jun 22 14:31:29.121: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF *Jun 22 14:31:29.121: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF *Jun 22 14:31:29.840: %LINK-3-UPDOWN: Interface Ethernet0/0, changed state to up *Jun 22 14:31:29.844: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up *Jun 22 14:31:29.855: %LINK-3-UPDOWN: Interface Ethernet0/2, changed state to up *Jun 22 14:31:29.860: %LINK-5-CHANGED: Interface Ethernet0/3, changed state to administratively down *Jun 22 14:31:29.876: %LINK-5-CHANGED: Interface Ethernet1/0, changed state to administratively down *Jun 22 14:31:29.884: %LINK-5-CHANGED: Interface Ethernet1/1, changed state to administratively down *Jun 22 14:31:29.891: %LINK-5-CHANGED: Interface Ethernet1/2, changed state to administratively down *Jun 22 14:31:29.896: %LINK-5-CHANGED: Interface Ethernet1/3, changed state to administratively down *Jun 22 14:31:29.898: %LINK-5-CHANGED: Interface Serial2/0, changed state to administratively down *Jun 22 14:31:29.902: %LINK-5-CHANGED: Interface Serial2/1, changed state to administratively down *Jun 22 14:31:29.902: %LINK-5-CHANGED: Interface Serial2/2, changed state to administratively down *Jun 22 14:31:29.906: %LINK-5-CHANGED: Interface Serial2/3, changed state to administratively down *Jun 22 14:31:29.906: %LINK-5-CHANGED: Interface Serial3/0, changed state to administratively down *Jun 22 14:31:29.909: %LINK-5-CHANGED: Interface Serial3/1, changed state to administratively down *Jun 22 14:31:29.909: %LINK-5-CHANGED: Interface Serial3/2, changed state to administratively down *Jun 22 14:31:29.914: %LINK-5-CHANGED: Interface Serial3/3, changed state to administratively down *Jun 22 14:31:30.021: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up *Jun 22 14:31:30.844: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to up *Jun 22 14:31:30.844: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up *Jun 22 14:31:30.856: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/2, changed state to up *Jun 22 14:31:30.861: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/3, changed state to down *Jun 22 14:31:30.881: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/0, changed state to down *Jun 22 14:31:30.887: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/1, changed state to down *Jun 22 14:31:30.891: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/2, changed state to down *Jun 22 14:31:30.899: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/3, changed state to down *Jun 22 14:31:30.899: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/0, changed state to down *Jun 22 14:31:30.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/1, changed state to down *Jun 22 14:31:30.903: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/2, changed state to down *Jun 22 14:31:30.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial2/3, changed state to down *Jun 22 14:31:30.907: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/0, changed state to down *Jun 22 14:31:30.912: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/1, changed state to down *Jun 22 14:31:30.912: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/2, changed state to down *Jun 22 14:31:30.916: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial3/3, changed state to down *Jun 22 14:31:34.895: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Startup Config Present) *Jun 22 14:32:16.759: %LINK-5-CHANGED: Interface Ethernet0/1, changed state to administratively down *Jun 22 14:32:17.764: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down *Jun 22 14:32:26.703: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up *Jun 22 14:32:27.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up ios-isis-R2(config-if)#
The above log output shows the time I `shut` E0/1 then `no shut` E0/1
ios-isis-R2(config-if)# do show run | i log service timestamps log datetime msec logging synchronous login local logging synchronous logging synchronous login local
Not much context with the above command, including my running config just in case its needed:
2#show run Building configuration... Current configuration : 2417 bytes ! ! Last configuration change at 14:35:00 UTC Wed Jun 22 2022 by mruser ! version 15.7 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname ios-isis-R2 ! boot-start-marker boot-end-marker ! ! enable password 7 ABC123ABC123DEF ! no aaa new-model ! ! ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ! ! ! ! ! no ip icmp rate-limit unreachable ! ! ! ! ! ! ! ! ! ! ! ! ! ! no ip domain lookup ip domain name domain.internal ip cef no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! ! ! ! username mruser password 7 ABC123ABC123DEF ! redundancy ! ! ip tcp synwait-time 5 ! ! ! ! ! ! ! ! ! ! ! ! ! interface Loopback0 ip address 172.16.10.1 255.255.255.255 ! interface Ethernet0/0 ip address 192.168.0.52 255.255.255.0 duplex auto ! interface Ethernet0/1 ip address 192.168.10.2 255.255.255.252 ip router isis duplex auto ! interface Ethernet0/2 ip address 192.168.20.1 255.255.255.252 ip router isis duplex auto ! interface Ethernet0/3 no ip address shutdown duplex auto ! interface Ethernet1/0 no ip address shutdown duplex auto ! interface Ethernet1/1 no ip address shutdown duplex auto ! interface Ethernet1/2 no ip address shutdown duplex auto ! interface Ethernet1/3 no ip address shutdown duplex auto ! interface Serial2/0 no ip address shutdown serial restart-delay 0 ! interface Serial2/1 no ip address shutdown serial restart-delay 0 ! interface Serial2/2 no ip address shutdown serial restart-delay 0 ! interface Serial2/3 no ip address shutdown serial restart-delay 0 ! interface Serial3/0 no ip address shutdown serial restart-delay 0 ! interface Serial3/1 no ip address shutdown serial restart-delay 0 ! interface Serial3/2 no ip address shutdown serial restart-delay 0 ! interface Serial3/3 no ip address shutdown serial restart-delay 0 ! router isis net 49.0010.1720.1601.0001.00 summary-address 10.0.0.0 255.255.252.0 passive-interface Loopback0 ! ip forward-protocol nd ! ! no ip http server no ip http secure-server ip ssh version 2 ! ipv6 ioam timestamp ! ! ! control-plane ! ! ! ! ! ! ! ! line con 0 exec-timeout 0 0 privilege level 15 logging synchronous login local line aux 0 exec-timeout 0 0 privilege level 15 logging synchronous line vty 0 4 exec-timeout 0 0 logging synchronous login local transport input ssh ! ! end ios-isis-R2#
Lastly version:
ios-isis-R2# show ver Cisco IOS Software, Linux Software (I86BI_LINUX-ADVENTERPRISEK9-M), Version 15.7(3)M2, DEVELOPMENT TEST SOFTWARE Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2018 by Cisco Systems, Inc. Compiled Wed 28-Mar-18 11:18 by prod_rel_team ROM: Bootstrap program is Linux ios-isis-R2 uptime is 4 minutes System returned to ROM by reload at 0 System image file is "unix:/opt/gns3/images/IOU/i86bi_LinuxL3-AdvEnterpriseK9-M2_157_3_May" Last reload reason: Unknown reason This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately. A summary of U.S. laws governing Cisco cryptographic products may be found at: http://www.cisco.com/wwl/export/crypto/tool/stqrg.html If you require further assistance please contact us by sending email to export@cisco.com. Linux Unix (Intel-x86) processor with 76825K bytes of memory. Processor board ID 2048028 8 Ethernet interfaces 8 Serial interfaces 64K bytes of NVRAM. Configuration register is 0x0
06-22-2022 03:03 PM
Thank you. You have provided the output that I requested, and quite a bit of other good information. I would like to start with this part of the output
Monitor logging: level debugging,
This shows that logging monitor is enabled. And logging monitor is what you need to get the logging output in your SSH session. I believe that @Flavio Miranda was on the right track to suggest using terminal monitor. You say that you turned on terminal monitor. I wonder if you correctly understood what was suggested. After establishing your SSH session, you issue the terminal monitor command in the SSH session. Is that what you did? If not then give it a try this way and let us know the results.
06-23-2022 09:19 AM
Ok I think I understand now. Yes @Flavio Miranda was right, need to run `terminal monitor` then I see the same output that the console shows for logging.
The problem was running `terminal monitor` then rebooting. I originally did run the command but rebooted, so I did not see output after reboot. So I needed to run the command again to see output.
Looks like `terminal monitor` is not a setting in the running config, so I don't believe it survives being volatile in memory after reboot.
I did find that if I go into the `line vty 0 4` there is a command "monitor" which I think does what I am looking for (enable terminal monitor after any SSH session is established). However after running it I see the following output
ios-isis-R2#line vty 0 4 ios-isis-R2(config-line)#monitor VTY must be active VTY must be active VTY must be active VTY must be active
Here is a post about it but does not make sense to me, and I still get the errors. I tried disconnecting from SSH and running the command in console, running it in vty 0 only, and tried running in a separate SSH session. "VTY must be active" keeps happening.
How can I get `terminal monitor` to run automatically after any SSH session, and have the setting survive reboots?
06-23-2022 06:49 PM
Let me start with a few points and then I will answer the question that you ask.
First you should understand that terminal monitor is not a config command and will not show up in the running config.
Also you should understand that terminal monitor is an exec command. You enter it in an SSH (or telnet) session. It operates for the duration of that SSH session (unless you decide to terminate it using the command terminal no monitor). When your SSH session terminates the terminal monitor is no longer operative. So the next time you establish an SSH session you will need to use terminal monitor in that session.
Your question is "How can I get `terminal monitor` to run automatically after any SSH session, and have the setting survive reboots?" The answer is that you can not accomplish this. You will need to use the command in every SSH session in which you want to see the logging output.
06-24-2022 07:45 AM
@Richard Burts thank you for the explanation and help.
I suppose the only other question I have is what does `monitor` do in my `line vty 0 4` do? Does it not automatically enable terminal monitor during each SSH session? I think the answer is "no" but I just want to make sure.
06-24-2022 11:32 AM
This is an interesting follow up question. In my response I made the point that terminal monitor was an exec command and not a config command. Apparently there is a config version of the command. I have not been familiar with that config command. What I am finding is that it apparently is the config equivalent of the exec command. According to this discussion you can only configure that parameter for a vty that has an active session. So I am not sure how useful it really is.
06-29-2022 08:09 AM
Thanks Richard. Yes for whatever reason that command just does not work.
I will mark @Flavio Miranda as the correct answer for now.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide