1-5 Logging

• Logging is used by the router to send system messages to a logging facility.

• Logging messages can be logged to four different facilities: system console, system buffers, terminal lines, or syslog server.

• Logging history can be maintained to ensure that messages being sent to SNMP servers are not dropped.

• Logging displays all error and debug messages by default. The level can be set to determine which messages should be sent to the facilities.

• Logging messages displayed to the console can interrupt input on the console. The command logging synchronous can alleviate this problem.

• Time-stamping logging messages or setting the syslog source address can help in real-time debugging and management.

Configuration

Logging is enabled by default. Step 1 is not required, because it is a default setting. The steps listed here are designed to help you manage logging on your router.

1. Enable logging globally (the default is on):

    (global)  logging on  

   This is the default setting. To disable logging the router, use the no logging on command. If you disable logging, messages are logged only to the console port. None of the other facilities are used.

2. (Optional) Log messages to a syslog server:

    (global)  logging   hostaddress  

   This command enables routing to a host running the syslog daemon. Syslog listens on UDP port 514 for text messages to log to a file. By logging to a syslog server, you have the system messages in a file to review.

3. (Optional) Log messages to the router buffer:

    (global)  logging buffered  

   Logging buffered stores all messages to system memory. These messages are stored in memory and remain there until the device is powered off or the buffer is cleared. The default setting for buffering varies from platform to platform and might or might not be enabled. Buffering can be set from 4096 to 4294967295 bytes.

   CAUTION

   By setting up buffering, you use system resources that can be used for operational aspects of routing. If you set up buffering, be sure not to waste system memory.

4. (Optional) Log messages to a terminal line:

    (privileged on a TTY or VTY line )  terminal monitor  

   Logging automatically sends messages to the console port. In order to have messages sent to any other TTY or a vty (Telnet) line, you must use the command terminal logging while logged into that line from privileged exec mode. As soon as you type this command, logging as specified by the logging monitor command (see Step 7) is displayed until you log out.

5. (Optional) Log messages to an SNMP station:

    (global)  snmp-server enable trap  

   This command allows the syslog message traps to be sent to an SNMP management station. In order to use this option, you also have to set up SNMP management on the device. Section 1-6 describes the configuration of SNMP.

6. (Optional) Adjust the history of messages:

    (global)  logging history   size  

   The router keeps a history of logged messages to ensure that an important SNMP message isn't lost. This command keeps the number of messages specified by the size in the router history table. The table is circular in nature so that as it fills up, it overwrites the first entry in the table. The history size can be set from 1 to 500 entries. The default size is 1.

   NOTE

   The history file is different from the buffer. History stores a cyclic list of the logging information from 1 to 500 entries. It was designed to keep the last few messages in the event that they were not logged to an SNMP device. Buffering syslog messages is a way of storing the messages to memory instead of to a syslog or SNMP device.

7. (Optional) Specify which types of messages should be displayed:

    (global)  logging  {  console   monitor   trap   history  }  level  

   This command allows you to decide which messages should be logged to a particular facility. For example, with the logging monitor command, you can choose to send to terminal lines only messages that are warnings or below by setting the level to 4. The level can be set for each output facility. The console option specifies what is displayed on the console. The trap option specifies what is sent to the syslog server. The history option specifies what level is kept in the local history table if you have enabled the syslog message traps to be sent to an SNMP management station. When you set a level, that level and any lower level are displayed to the facility. Table 1-5 lists the error message levels and keywords.

   The default of all facilities is to log at the debug level. This means that all messages at debugging level and below are sent to the logging facility.

Table 1-5. Error Message Logging Levels

8. (Optional) Specify the source address of the syslog packets:

    (global)  logging source-interface   type number  

   This command allows you to specify which interface address is used as the source IP address for the syslog packets. The default address is the address of the sending interface. But if you always wanted to use a particular address, such as the loopback address, to be able to easily identify or filter on a particular device, this command would specify an address to be used for all packets.

9. (Optional recommended) Enable time stamps for messages:

    (global)  service timestamps log datetime  

   This command configures the router to time-stamp any log message with the date and time as it is set on the router. This gives the person viewing the logged messages more detailed information about when the messages occurred. This can also be useful in determining what other factors might be involved in problems or symptoms.

10. Control the output of logging messages to terminal or console lines (optional):

     (line configuration)  logging synchronous  

    The logging synchronous command specifies to the router that logging output should be presented in a synchronous fashion. In other words, if someone is typing, the output should refresh the prompt so that the command line is synchronized with the user input.

Verifying Logging

1. View the logging configuration and buffer:

    (privileged)  show logging  

   This command is used to verify logging information and configuration, as well as to view the contents of the logging buffer.

2. Clear logging information:

    (privileged)  clear logging  

   This command clears logging messages from the logging buffer.

Example

In this example, we want to increase the buffers used for logging to 4096 and configure the device to buffer only messages that are at the warning level and below. For all other logging information (console and Telnet), we want to log messages that are at the informational level and below. Time stamps have been enabled to give us information about when the message was logged. The console and Telnet lines have been configured for synchronous logging to prevent annoying interruptions for users of these lines. Finally, the device has been configured to log messages to the syslog server 172.16.12.201 for notification-level messages and below using a source address of the loopback 1 interface.

 logging buffered 4096 warnings logging monitor informational ! interface Loopback0        ip address 191.255.255.254 255.255.255.255        no ip directed-broadcast ! logging trap notifications logging source-interface Loopback0 logging 172.16.12.101 line con 0        login        password cisco        logging synchronous line aux 0        login        password cisco        logging synchronous line vty 0 4        login        password cisco        logging synchronous