Problem
You want to limit which logging levels the router will send to the syslog server.
Solution
Use the logging trap configuration command to limit the severity level of syslog messages:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#logging host 172.25.1.1 Router(config)#logging trap notifications Router(config)#end Router#
Discussion
By default, when you enable remote logging on a router, it will forward only those messages with a severity level informational or higher (see Table 18-1). This means that the router forwards everything but debugging messages to the syslog server. Raising the severity of the log messages forwarded to the syslog server can help to reduce bandwidth utilization across the network, as well as the disk space required for storing the log messages on the server. This example shows the output of the show logging exec command:
Router>show logging Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns) Console logging: level debugging, 658 messages logged Monitor logging: level debugging, 65 messages logged Buffer logging: level debugging, 6 messages logged Logging Exception size (4096 bytes) Trap logging: level notifications, 662 message lines logged Logging to 172.25.1.1, 5 message lines logged Logging to 172.25.1.3, 5 message lines logged Log Buffer (4096 bytes): Router>
Notice that the logging severity level is set to notifications and that both outbound servers are limited to the same level. It is important to note that the logging trap command sets the severity level for all syslog servers.
Another important use for the logging trap command is allowing the router to send debug level messages to a syslog server. The default severity level for syslog is informational, so the router will not forward any debug messages. Having the ability to store debug messages can often be useful in fault isolation and trouble resolution. The following commands show how to enable the forwarding of debugging severity-level messages:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#logging host 172.25.1.1 Router(config)#logging trap debugging Router(config)#end Router#
You must also configure the syslog server to handle debug level messages. You can accomplish this in one of two waysby creating a dedicated file to handle debug messages or by forwarding debug messages to the normal router logfile. The following two examples will demonstrate how to modify your syslog.conf file to handle both situations:
local7.debug /var/log/debug
Or:
local7.=debug /var/log/debug
The difference between these two methods is that while the first sends all messages with a severity greater than or equal to debug severity to the indicated file, the second directs only debug level messages to this file. The first example is a more traditional method to assign debug level messages to a particular file, but the second example is preferred since it allows you to separate debug messages from the normal router log messages. Most modern syslog facilities will handle the second example command syntax, but please check your manpages to ensure compatibility by issuing a man syslog.conf.
To simply forward all debug level messages to the default router log, change your syslog.conf files to include the following:
local7.debug /var/log/rtrlog
Use caution when enabling the remote storing of debug messages. Debug messages can quickly overwhelm your server if not properly enabled on the router.
Router Configuration and File Management
Router Management
User Access and Privilege Levels
TACACS+
IP Routing
RIP
EIGRP
OSPF
BGP
Frame Relay
Handling Queuing and Congestion
Tunnels and VPNs
Dial Backup
NTP and Time
DLSw
Router Interfaces and Media
Simple Network Management Protocol
Logging
Access-Lists
DHCP
NAT
First Hop Redundancy Protocols
IP Multicast
IP Mobility
IPv6
MPLS
Security
Appendix 1. External Software Packages
Appendix 2. IP Precedence, TOS, and DSCP Classifications
Index