Restricting What Log Messages Are Sent to the Server


You want to limit which logging levels the router will send to the syslog server.


Use the logging trap configuration command to limit the severity level of syslog messages:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging host
Router(config)#logging trap notifications



By default, when you enable remote logging on a router, it will forward only those messages with a severity level informational or higher (see Table 18-1). This means that the router forwards everything but debugging messages to the syslog server. Raising the severity of the log messages forwarded to the syslog server can help to reduce bandwidth utilization across the network, as well as the disk space required for storing the log messages on the server. This example shows the output of the show logging exec command:

Router>show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
 Console logging: level debugging, 658 messages logged
 Monitor logging: level debugging, 65 messages logged
 Buffer logging: level debugging, 6 messages logged
 Logging Exception size (4096 bytes)
 Trap logging: level notifications, 662 message lines logged
 Logging to, 5 message lines logged
 Logging to, 5 message lines logged
Log Buffer (4096 bytes): 

Notice that the logging severity level is set to notifications and that both outbound servers are limited to the same level. It is important to note that the logging trap command sets the severity level for all syslog servers.

Another important use for the logging trap command is allowing the router to send debug level messages to a syslog server. The default severity level for syslog is informational, so the router will not forward any debug messages. Having the ability to store debug messages can often be useful in fault isolation and trouble resolution. The following commands show how to enable the forwarding of debugging severity-level messages:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging host
Router(config)#logging trap debugging

You must also configure the syslog server to handle debug level messages. You can accomplish this in one of two waysby creating a dedicated file to handle debug messages or by forwarding debug messages to the normal router logfile. The following two examples will demonstrate how to modify your syslog.conf file to handle both situations:

local7.debug /var/log/debug


local7.=debug /var/log/debug

The difference between these two methods is that while the first sends all messages with a severity greater than or equal to debug severity to the indicated file, the second directs only debug level messages to this file. The first example is a more traditional method to assign debug level messages to a particular file, but the second example is preferred since it allows you to separate debug messages from the normal router log messages. Most modern syslog facilities will handle the second example command syntax, but please check your manpages to ensure compatibility by issuing a man syslog.conf.

To simply forward all debug level messages to the default router log, change your syslog.conf files to include the following:

local7.debug /var/log/rtrlog

Use caution when enabling the remote storing of debug messages. Debug messages can quickly overwhelm your server if not properly enabled on the router.

Router Configuration and File Management

Router Management

User Access and Privilege Levels


IP Routing





Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time


Router Interfaces and Media

Simple Network Management Protocol





First Hop Redundancy Protocols

IP Multicast

IP Mobility




Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications


Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505 © 2008-2020.
If you may any questions please contact us: