Basic Logging


Cisco IOS devices have the capability to log messages about system activity. These log messages can be useful in tracking system activity, errors, and notifications. Logging uses eight levels of notification messages, as summarized in Table 7-1.

Table 7-1. Cisco IOS Logging Messages
Level Description
Level 0 ”Emergencies The system has become unusable.
Level 1 ”Alerts Immediate action is needed to restore system stability.
Level 2 ”Critical Critical conditions have occurred that may require attention.
Level 3 ”Errors Error conditions have occurred that may help track problems.
Level 4 ”Warnings Warning conditions have occurred that are not severe.
Level 5 ”Notifications Normal but significant conditions bear notification.
Level 6 ”Informational These informational messages do not require action.
Level 7 ”Debugging These are debugging messages for system troubleshooting only.

In the IOS, you set the minimum level of logging messages (in terms of severity) that you want logged. You do so by identifying the level by name in the configuration command. Emergencies (Level 0) is the severest level, while debugging (Level 7) is the least severe level. All messages at the level that you identify and at more severe levels are sent to one of four locations:

  • A syslog server, configured using the logging trap command

  • An internal device buffer, configured using the logging buffered command

  • The console port of a device, configured using the logging console command

  • The terminal lines of a device, configured using the logging monitor command

The preceding logging commands are global configuration commands that enable you to specify the level of messages sent to each logging location. A syslog server is an excellent logging location because the system normally saves messages to a disk. Also, because syslog is a general purpose utility that many different programs utilize, you can have one central source for logging messages from different devices.

The internal device buffer is a useful logging facility if you do not have a syslog server or if you want each device to keep a separate log of events. The internal device buffer has a default size of 4096 bytes. You can alter the size by using the logging buffered command. For example, you can specify a larger buffer size, such as logging buffered 8192, which specifies an internal device buffer of 8192 bytes. While useful for some situations, the internal device buffer is in the RAM of the device, so it is lost with each device reload.

Logging messages to the console or terminal lines of a device (including virtual terminal sessions) is useful for immediate notification of critical events. The four different logging locations are not mutually exclusive, and you can use multiple logging facilities at the same time.


You must use the EXEC command terminal monitor to see logging messages on a terminal line or virtual terminal session. This command can be performed in privileged mode.

You can configure messages to the syslog server via the logging trap command. To enable syslog logging in the IOS, you must use the global configuration command logging to specify the IP address of the logging host.

As mentioned previously, it is possible to log messages to more than one of the locations. For example, you may want all Level 7 and more severe level messages to be sent to the syslog server. You may want emergency messages to be sent to the device console as well because of their critical nature. In the following example, the Seoul-1 router is configured on the ZIP network for logging in the manner just described:

 Seoul-1#  configure  Configuring from terminal, memory, or network [terminal]? Enter configuration commands, one per line. End with CNTL/Z. Seoul-1(config)#  logging  Seoul-1(config)#  logging trap debugging  Seoul-1(config)#  logging console emergencies  Seoul-1(config)#^  Z  


The syslog utility logs system messages to a text file on UNIX and other types of workstations. To log IOS device messages to a syslog server, you must configure your syslog process. You need to be a superuser on a UNIX workstation to enable the syslog facility local7, the facility used by all IOS devices. As superuser (root access), you should add the following line to the /etc/syslog.conf file:

 local7.debug         /var/adm/router.log 

Next, restart the syslog daemon on the UNIX workstation, which is typically done with the following command:

 % kill -HUP `cat /etc/' 

If all works well, you are now ready for your IOS devices to log to this UNIX workstation.

If an IOS device is configured to log to an internal buffer, the log results can be viewed with the EXEC command show logging. Assuming that the Seoul-1 router is configured to log to a buffer as well as to syslog and console, the show logging output is as follows :

 Seoul-1>show logging Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)     Console logging: level debugging, 2 messages logged     Monitor logging: level debugging, 2 messages logged     Trap logging: level debugging, 2 message lines logged         Logging to, 2 message lines logged     Buffer logging: level debugging, 2 messages logged          Log Buffer (4096 bytes): Mar 17 17:45:56: %LINK-3-UPDOWN: Interface Serial0, changed state to down Mar 17 18:23:10: %LINK-3-UPDOWN: Interface Serial0, changed state to up 

The preceding output shows that syslog logging is enabled. It also shows the number of messages logged to the device console, to the terminal lines of the device (monitor logging), and to a syslog logging host also show the number of messages buffered. The last two lines of the output display the log buffer, with two logging messages showing link-state change messages (Level 6 messages).

Note the timestamp information in the output. The section "Basic Time Control," later in this chapter, discusses how to configure the router to maintain this information.


We recommend that you enable logging at the debug level to at least one logging location. This enables you to ensure that all error messages the IOS device sends are recorded. Most network managers tend to set logging trap debug to enable syslog to log all IOS device messages.

Cisco Router Configuration
Cisco Router Configuration (2nd Edition)
ISBN: 1578702410
EAN: 2147483647
Year: 1999
Pages: 116 © 2008-2017.
If you may any questions please contact us: