Wednesday, 7 September 2016

Syslog

Reading system messages from a switch's or router's internal buffer is the most popular and efficient way of seeing what is going on with your network at a particular time, but the best way is to log messages to a syslog server.

Syslog allows you to display, sort and even search messages, all of which makes it a really great troubleshooting tool.

Syslog stores messages from your devices and can even time-stamp and sequence-number them.

It uses UDP port 514.

The syslog search feature is especially powerful because we can search by keyword and even by severity level, and the server can email admins based on the severity level of a message.

There are four ways to gather messages from Cisco devices:

1.) Logging buffer (on by default)
2.) Console line (on by default)
3.) Terminal lines (using the terminal monitor command)
4.) Syslog server

The system message format can be broken down in this way:

1.) Seq no
    Stamps log messages with a sequence number, but not by default. If we want this output we have to configure it.

2.) Timestamp
    Date and time of the message or event, which again will show only if we configure it.

3.) Facility
    The facility to which the message refers.

4.) Severity
    A single-digit code from 0 to 7 that indicates the severity of the message. A lower number is more severe.

    Different severity levels:

    Emergency (0)       System is unusable
    Alert (1)           Immediate action is needed
    Critical (2)        Critical condition
    Error (3)           Error condition
    Warning (4)         Warning condition
    Notification (5)    Normal but significant condition
    Informational (6)   Normal but informational message
    Debugging (7)       Debugging message

5.) MNEMONIC
    The string that uniquely describes the message.

6.) Description
    Text string containing detailed information about the event being reported.
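The format above is what a collector has to parse before it can sort, search or filter by severity. The following is an added example (not code from the original post) that parses Cisco-style system messages into their fields, searches them by keyword, and filters them by severity the way the logging trap command does. The sample lines, router addresses and interface names are constructed for illustration, and the parser assumes the datetime msec timestamp format.

```python
"""Parse Cisco IOS system messages and filter them by severity.

Added example, not part of the original post. Sample lines below are
constructed; addresses and interface names are hypothetical.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Severity levels 0 (most severe) .. 7 (least severe).
SEVERITY_NAMES = {
    0: "emergency", 1: "alert", 2: "critical", 3: "error",
    4: "warning", 5: "notification", 6: "informational", 7: "debugging",
}

# Layout: [seq:] [timestamp:] %FACILITY-SEVERITY-MNEMONIC: description
# Sequence number and timestamp are present only when configured on the router.
# The timestamp pattern assumes 'service timestamps log datetime [msec]'.
_MSG_RE = re.compile(
    r"^(?:(?P<seq>\d+):\s*)?"
    r"(?:(?P<ts>\*?[A-Z][a-z]{2}\s+\d{1,2}(?:\s+\d{4})?\s+\d{2}:\d{2}:\d{2}(?:\.\d{3})?):\s*)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*"
    r"(?P<description>.*)$"
)


@dataclass
class SyslogMessage:
    seq: Optional[int]
    timestamp: Optional[str]
    facility: str
    severity: int
    mnemonic: str
    description: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_message(line: str) -> Optional[SyslogMessage]:
    """Return a SyslogMessage, or None if the line is not a system message."""
    m = _MSG_RE.match(line.strip())
    if not m:
        return None
    return SyslogMessage(
        seq=int(m["seq"]) if m["seq"] else None,
        timestamp=m["ts"],
        facility=m["facility"],
        severity=int(m["severity"]),
        mnemonic=m["mnemonic"],
        description=m["description"],
    )


def filter_by_severity(lines: List[str], max_level: int) -> List[SyslogMessage]:
    """Keep messages at max_level or more severe, mirroring 'logging trap <level>':
    level 4 keeps severities 0..4 and drops 5..7. Non-message lines are skipped."""
    kept = []
    for line in lines:
        msg = parse_message(line)
        if msg is not None and msg.severity <= max_level:
            kept.append(msg)
    return kept


def search(lines: List[str], keyword: str) -> List[SyslogMessage]:
    """Case-insensitive keyword search over mnemonic and description."""
    needle = keyword.lower()
    return [
        m for m in map(parse_message, lines)
        if m is not None
        and (needle in m.mnemonic.lower() or needle in m.description.lower())
    ]


# Constructed sample lines: seq no, timestamp, %FACILITY-SEVERITY-MNEMONIC, description.
SAMPLE_LINES = [
    "000019: *Sep  7 10:01:02.123: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.3)",
    "000020: *Sep  7 10:01:10.456: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "000021: *Sep  7 10:01:11.789: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "*Sep  7 10:02:00.001: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 10.0.0.9] [localport: 22] [Reason: Login Authentication Failed]",
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.3 port 514 started - CLI initiated",
    "not a system message",
]

if __name__ == "__main__":
    # Show only warning (4) and more severe messages, like 'logging trap 4' would send.
    for m in filter_by_severity(SAMPLE_LINES, 4):
        print(f"{m.severity_name:>13}  {m.facility}-{m.mnemonic}: {m.description}")
```

Note that the seq and timestamp groups are optional, so the same parser handles output from a router with and without service timestamps and service sequence-numbers configured.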

Configuring and verifying syslog:

By default, Cisco devices log messages of all severity levels; we are just choosing where they go: console, buffer or both.

Router(config)# logging console
Router(config)# logging buffered

We can disable either of them:
Router(config)# no logging console
Router(config)# no logging buffered

View messages:
Router# show logging

Now we can also control the format of our messages with sequence numbers and time stamps, which are not enabled by default.


First configure all IP addresses as per the figure.
Check that the syslog service is running on the syslog server.

Now configure the router:

Router(config)# logging on
Router(config)# logging console
Router(config)# logging buffered

These commands enable syslog (it is on by default) and logging to the console and the buffer. All traps (messages from the router to the NMS) are stored in RAM.

We can set the syslog server manually:

Router(config)# logging 10.0.0.3 (same as logging host 10.0.0.3)

Set timestamps, but remember that the time must be synchronized, for example by running NTP in the infrastructure; otherwise the timestamps on different devices cannot be correlated.

Router(config)# service timestamps log datetime msec (for log messages)
Router(config)# service timestamps debug datetime msec (for debug messages)

We can limit the amount of messages sent to the syslog server, based on severity, with the following command:

Router(config)# logging trap <severity level>

Messages at that level and every more severe (lower-numbered) level are sent to the server.
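On the receiving side, each message from a router configured with logging host arrives as one UDP datagram on port 514, prefixed with an RFC 3164 priority field of the form <PRI>, where PRI = facility * 8 + severity (Cisco IOS uses facility local7, number 23, unless changed with logging facility). The following is an added example (not code from the original post or from any Cisco tool) of a minimal collector that decodes that field, flags messages at or above a chosen severity for admin notification, and can be run as a listener. The sample datagram and addresses are constructed, and port 5514 is an assumed unprivileged substitute for 514 so the listener can be tried without root.

```python
"""Minimal syslog collector for router traffic sent with 'logging host'.

Added example, not part of the original post. Sample datagram and
addresses are constructed; port 5514 is an assumed stand-in for 514.
"""
import socket
from typing import Dict, Tuple

SEVERITY_NAMES = ("emergency", "alert", "critical", "error",
                  "warning", "notification", "informational", "debugging")

# RFC 3164 facility numbers 16..23 are local0..local7; IOS defaults to local7.
FACILITY_NAMES = {16 + i: f"local{i}" for i in range(8)}


def decode_pri(datagram: bytes) -> Tuple[int, int, str]:
    """Split '<PRI>rest' into (facility, severity, rest).

    Raises ValueError on anything that is not a well-formed PRI field, so a
    collector can drop junk instead of mis-indexing it."""
    if not datagram.startswith(b"<"):
        raise ValueError("missing PRI field")
    end = datagram.find(b">", 1, 5)          # PRI has at most three digits: '<191>'
    if end == -1:
        raise ValueError("malformed PRI field")
    pri = int(datagram[1:end].decode("ascii"))
    if pri > 191:                             # 23 * 8 + 7 is the largest valid value
        raise ValueError(f"PRI {pri} out of range")
    rest = datagram[end + 1:].decode("utf-8", errors="replace")
    return pri // 8, pri % 8, rest


def handle_datagram(datagram: bytes, sender: str, alert_level: int = 2) -> Dict[str, object]:
    """Turn one received datagram into a record a collector could store or forward.

    alert_level mirrors a 'notify admins' rule: anything at severity
    alert_level or more severe (critical and worse by default) is flagged."""
    facility, severity, text = decode_pri(datagram)
    return {
        "sender": sender,
        "facility": FACILITY_NAMES.get(facility, str(facility)),
        "severity": severity,
        "severity_name": SEVERITY_NAMES[severity],
        "text": text.strip(),
        "alert": severity <= alert_level,
    }


def serve(bind_addr: str = "0.0.0.0", port: int = 5514) -> None:
    """Receive datagrams forever and print one record per line.

    514 is the standard syslog port but binding it needs root on most
    systems; 5514 is an assumed unprivileged substitute for testing."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            data, (host, _port) = sock.recvfrom(4096)
            try:
                record = handle_datagram(data, host)
            except ValueError as exc:
                print(f"dropped datagram from {host}: {exc}")
                continue
            print(record)


# Constructed datagram as a router with sequence numbers and msec timestamps
# configured would send it: PRI 187 = local7 (23) * 8 + error (3).
SAMPLE_DATAGRAM = (b"<187>23: *Sep  7 10:05:00.000: %LINK-3-UPDOWN: "
                   b"Interface GigabitEthernet0/1, changed state to down")

if __name__ == "__main__":
    print(handle_datagram(SAMPLE_DATAGRAM, "10.0.0.1"))
    serve()
```

Because the severity arrives encoded in PRI rather than only in the %FACILITY-SEVERITY-MNEMONIC text, a collector can apply its own threshold independently of whatever logging trap level the router is using.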
