Syslog


The syslog protocol was first defined as part of the UNIX operating system to log messages within the OS. Syslog allows a computer or device to deliver messages to another computer. Syslog messages have a particular format that associates a facility and a severity (or priority) with each message.

The facility code allows syslog to group messages from different sources and take action based on this facility or group. The facilities are described in Table 8-7 and the priorities supported are described in Table 8-8.

Table 8-7. Syslog Facilities

Facility    Description
--------    -----------
Auth        Authorization system
Cron        Cron facility
Daemon      System daemon
Kern        Kernel
local0-7    Reserved for locally defined messages
Lpr         Line printer system
Mail        Mail system
News        USENET news
sys9        System use
sys10       System use
sys11       System use
sys12       System use
sys13       System use
sys14       System use
Syslog      System log
User        User process
Uucp        UNIX-to-UNIX copy system

Table 8-8. Syslog Priority Levels and their Descriptions

Level Name       Level    Description                         Syslog Definition
-------------    -----    --------------------------------    -----------------
Emergencies      0        System unusable                     LOG_EMERG
Alerts           1        Immediate action needed             LOG_ALERT
Critical         2        Critical conditions                 LOG_CRIT
Errors           3        Error conditions                    LOG_ERR
Warnings         4        Warning conditions                  LOG_WARNING
Notifications    5        Normal but significant condition    LOG_NOTICE
Informational    6        Informational messages only         LOG_INFO
Debugging        7        Debugging messages                  LOG_DEBUG

Syslog is usually used to deliver log messages from devices to a central repository. A syslog daemon runs in this central repository, which is most often a UNIX system. What is done with syslog messages is controlled by the configuration of the syslog daemon. On UNIX systems, this configuration is normally kept in the /etc/syslog.conf file. A typical line in a syslog.conf file to direct syslog messages coming in on the local7 facility to a log file would be formatted as follows:

 local7.info    /var/log/messages 

Cisco devices can use the syslog protocol to deliver log messages, including messages you would see if you were on the console of the device or typed show log on the device. These messages complement (and sometimes duplicate) SNMP notifications.

Cisco devices normally use the local7 facility, but that can be changed using the logging facility facility-type global IOS command, or the set logging level or set logging server facility Catalyst commands. The severity or priority of the syslog message is hardcoded into the message itself, but you can control what severity of messages are delivered via syslog by using the logging history level global IOS command, or the set logging level or set logging server severity Catalyst commands. Note that all messages of equal or higher severity are delivered. See Table 8-8 for the order of severities.
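The following added example (not from the book) shows how a collector could decode the facility and severity of an incoming message and decide whether a syslog.conf selector such as local7.info applies to it. It assumes the RFC 3164 wire encoding, in which a leading <PRI> value equals facility code times 8 plus severity; that encoding, the function names and the sample messages are not from the text above.

```python
import re

# syslog.conf severity keywords; list index = numeric level from Table 8-8.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# Numeric facility codes per RFC 3164 (subset; an assumption, not from the page).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron",
              **{16 + i: f"local{i}" for i in range(8)}}
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)

def decode_pri(line):
    """Split '<PRI>text' into (facility, severity, text); None if malformed."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:      # 23*8+7 is the highest valid PRI
        return None
    pri = int(m.group(1))
    return FACILITIES.get(pri >> 3, f"facility{pri >> 3}"), pri & 7, m.group(2)

def selector_matches(selector, facility, severity):
    """True if 'facility.level' selects the message (that level or more severe)."""
    sel_fac, sel_level = selector.split(".", 1)
    if sel_fac not in ("*", facility):
        return False
    # More severe means a LOWER number in Table 8-8, so the test is <=, not >=.
    return severity <= SEVERITIES.index(sel_level)

def route(lines, rules):
    """Return [(line, [destinations])] for each line, given (selector, dest) rules."""
    out = []
    for line in lines:
        decoded = decode_pri(line)
        if decoded is None:                 # missing or out-of-range priority
            out.append((line, ["<rejected: bad PRI>"]))
            continue
        fac, sev, _ = decoded
        out.append((line, [d for s, d in rules if selector_matches(s, fac, sev)]))
    return out

# Constructed sample messages (not captured from a real device).
SAMPLES = [
    "<189>%LINK-5-CHANGED: Interface Serial0, changed state to down",  # local7.notice
    "<187>%SYS-3-CPUHOG: constructed error-level message",             # local7.err
    "<191>constructed debug output",                                   # local7.debug
    "<38>constructed login message",                                   # auth.info
    "<999>forged priority",                                            # invalid PRI
]
RULES = [("local7.info", "/var/log/messages")]

if __name__ == "__main__":
    for line, dests in route(SAMPLES, RULES):
        print(dests, line)
```

The debug-level message is dropped by the local7.info selector even though it arrives on the right facility, which is the threshold behavior the severity ordering in Table 8-8 implies.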



Performance and Fault Management
Performance and Fault Management: A Practical Guide to Effectively Managing Cisco Network Devices (Cisco Press Core Series)
ISBN: 1578701805
EAN: 2147483647
Year: 2005
Pages: 200
