Wednesday, 7 September 2016

Syslog




Reading system messages from a switch's or router's internal buffer is the most popular and efficient method of seeing what's going on with your network at a particular time. But the best way is to log messages to a syslog server.

Syslog allows you to display, sort and even search messages, all of which makes it a really great troubleshooting tool.

The syslog server stores messages for you and can even time-stamp and sequence-number them.

It uses UDP port number 514.

The syslog message search feature is especially powerful because we can use keywords and even severity levels, and the server can email admins based on the severity level of a message.

There are four ways to gather messages from Cisco devices:

1.) Logging buffer (on by default)
2.) Console line (on by default)
3.) Terminal lines (using the terminal monitor command)
4.) Syslog server

    

The system message format can be broken down in this way:

1.) Seq no
    Stamps log messages with a sequence number, but not by default. If we want this output, we have to configure it.

2.) Timestamp
    Date and time of the message or event, which again will show only if we configure it.

3.) Facility
    The facility to which the message refers.

4.) Severity
    A single-digit code from 0 to 7 that indicates the severity of the message.

    Different types of severity levels:

    Emergency (0)       System is unusable
    Alert (1)           Immediate action is needed
    Critical (2)        Critical condition
    Error (3)           Error condition
    Warning (4)         Warning condition
    Notification (5)    Normal but significant condition
    Information (6)     Normal but inform message
    Debugging (7)       Debugging message

5.) MNEMONIC
    The string that uniquely describes the message.

6.) Description
    Text string containing detailed information about the event being reported.

          
Configuring and verifying syslog:

By default, Cisco devices send log messages of all severity levels. We just choose where they go: the console, the buffer, or both.

Router(config)# logging console
Router(config)# logging buffered

We can disable it:

Router(config)# no logging console
Router(config)# no logging buffered

View messages:

Router# show logging

Now we can also control the format of our messages via sequence numbers and time stamps, which aren't enabled by default.


First configure all IP addresses as per the figure.
Check that the syslog service is running on the syslog server.

Now configure the router:

Router(config)# logging on
Router(config)# logging console
Router(config)# logging buffered

These commands enable logging (it is on by default). All traps (messages from the router to the NMS) are stored in RAM.

We can manually set the syslog server:

Router(config)# logging 10.0.0.3        (or: logging host 10.0.0.3)

Set timestamps, but remember that the time needs to be synchronized, with NTP running in the infrastructure.

Router(config)# service timestamps log datetime msec        (for log messages)
Router(config)# service timestamps debug datetime msec      (for debug messages)

We can limit the amount of messages sent to the syslog server, based on severity, with the following command:

Router(config)# logging trap <severity level>
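
The message format and the severity limit described above, as an added example that is not part of the original post: it splits system messages into the six fields listed, keeps what a given logging trap level would forward (that level and every more severe one), and reports skipped sequence numbers. The sample lines are constructed, and the exact separators and timestamp layout in the pattern are assumptions.

```python
import re

# Severity names in the order used on this page (index = severity code).
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notification", "Information", "Debugging"]

# Assumed layout: [seq: ][timestamp: ]%FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(
    r"^(?:(?P<seq>\d+): )?"
    r"(?:(?P<timestamp>[*.]?[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d(?:\.\d+)?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$")

# Constructed sample lines, not captured from a real device.
SAMPLE = [
    "000021: *Sep  7 10:15:30.101: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "000022: *Sep  7 10:15:31.105: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "000025: *Sep  7 10:16:02.730: %SYS-5-CONFIG_I: Configured from console by console",
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.0.0.3 started",
]

def parse(line):
    """Split one system message into its fields; None if it does not match."""
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["seq"] = int(msg["seq"]) if msg["seq"] else None
    msg["severity"] = int(msg["severity"])
    msg["severity_name"] = SEVERITY[msg["severity"]]
    return msg

def forwarded(messages, trap_level):
    """Messages that 'logging trap <trap_level>' lets through: severity 0..trap_level."""
    return [m for m in messages if m["severity"] <= trap_level]

def sequence_gaps(messages):
    """(previous, next) pairs where numbered messages skip; those between are absent here."""
    seqs = [m["seq"] for m in messages if m["seq"] is not None]
    return [(a, b) for a, b in zip(seqs, seqs[1:]) if b != a + 1]

if __name__ == "__main__":
    parsed = [p for p in map(parse, SAMPLE) if p]
    for m in forwarded(parsed, 4):
        print(m["seq"], m["timestamp"], m["facility"], m["severity_name"], m["mnemonic"])
    print("sequence gaps:", sequence_gaps(parsed))
```

A gap only shows that some numbered messages are missing from the set being examined; it does not say why they are missing.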




Thursday, 1 September 2016

EIGRP - Part 6

EIGRP Update Messages

EIGRP uses update messages between EIGRP routers for adjacency. It uses RTP (Reliable Transport Protocol), whose function is to deliver EIGRP update packets between neighbors in a reliable and ordered way. EIGRP sends multicast and unicast packets; just keep in mind that all of these packets are sent reliably. Reliable means that when we send a packet we want to get an acknowledgment from the other side to make sure that they received it.

EIGRP also uses the following messages:

1.) Hello message
    EIGRP sends Hello packets once it is enabled on a router for a particular network. Hello messages are used to identify neighbors. EIGRP Hello packets are sent on the local link using the multicast address 224.0.0.10.

2.) Update message
    When EIGRP first establishes an adjacency with a neighbor, it sends the full topology information only once. After that, if any change happens in the network, it sends an update message that contains only the changed networks.

3.) Query message
    EIGRP query messages are multicast and are used to reliably request routing information. EIGRP query packets are sent to neighbors when a route is not available and the router needs to ask about the status of the route for fast convergence.

4.) Reply message
    EIGRP Reply packets are sent in response to query packets.

5.) Ack message
    An acknowledgment packet is simply an EIGRP hello packet that contains no data. Ack packets are used by EIGRP to confirm reliable delivery of EIGRP packets.

For topology changes EIGRP mainly uses two messages: Update and Ack.
The Update message contains the updated topology information and the Ack is the receipt for the update packet.

An Update packet contains the following information:

1.) Prefix
2.) Prefix length
3.) Metric components: bandwidth, delay, reliability, load, MTU and hop count.


EIGRP Feasible Distance and Reported Distance 

Feasible Distance (FD)
    Integer metric for the route, from the local router's perspective, used by the local router to choose the best route for that prefix.

Reported Distance (RD)
    Integer metric for the route, from the neighboring router's perspective. Used by the local router when converging to a new route. It is also known as Administrative Distance.