You want your router to record log messages, instead of just displaying them on the console.
Use the logging buffered configuration command to enable the local storage of router log messages:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#logging buffered informational Router(config)#end Router#
This feature causes the router to store all log messages to a revolving buffer called the logging buffer. Many network administrators find it convenient and useful to keep detailed router logs on the router itself. The router discards its oldest messages to make room for new ones. This ensures that the logging buffer contains the most recent messages without depleting the router's RAM. You can use the show logging command to view this buffer:
Router>show logging Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns) Console logging: level debugging, 653 messages logged Monitor logging: level debugging, 65 messages logged Buffer logging: level informational, 1 messages logged Logging Exception size (4096 bytes) Trap logging: level informational, 657 message lines logged Log Buffer (4096 bytes): Mar 26 09:02:25: %SEC-6-IPACCESSLOGS: list 99 denied 172.16.2.2 5 packets Mar 26 09:04:56: %CLEAR-5-COUNTERS: Clear counter on all interfaces on vty1 Mar 26 09:05:13: %SYS-5-CONFIG_I: Configured from console by ijbrown on vty1 Router>
Note that the default severity logging level is set to debugging. You can adjust the severity level of the buffered log with the severity level keyword. In the example in the Solution section, we configured the router with the keyword informational. This will cause it to ignore debugging messages, but retain all other system log messages.
The log messages appear in order from oldest to most recent. By default, the show logging command displays all messages contained in the log buffer. However, you can display specific message types by using output modifiers:
Router>show log | include denied Apr 7 21:16:12 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.25.1 19 packets Apr 7 21:21:12 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.1.5 1 packet Apr 7 21:26:12 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.25.1 19 packets Apr 7 21:31:13 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.25.1 5 packets Apr 7 21:33:13 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.1.5 16 packets Apr 7 21:36:13 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.25.1 5 packets Router>
By using output modifiers, you can display a single type of message based on a regular expression, similar to the grep command in Unix.
We discussed the importance of accurate time keeping and log time stamping in Chapter 14, where we highly recommended enabling log time stamps to help make the log messages more meaningful.
To disable the router's logging buffer, use the following command:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#no logging buffered Router(config)#end Router#
Recipe 18.2; Recipe 18.3; Chapter 14
Router Configuration and File Management
User Access and Privilege Levels
Handling Queuing and Congestion
Tunnels and VPNs
NTP and Time
Router Interfaces and Media
Simple Network Management Protocol
First Hop Redundancy Protocols
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications