Logging is an important tool for discovering events that are happening in the network and for troubleshooting. Correctly configuring logging so that you can collect and correlate events across multiple network devices is a critical component of a secure network.
Example 11-11 shows a typical syslog message and how to control what information is included with the message.
R4(config)# interface fa0/0
R4(config-if)# shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R4(config-if)#
! If we add time stamps to the syslog messages, those time stamps can assist in
! correlating events that occurred on multiple devices
R4(config)# service timestamps log datetime
R4(config)# int fa0/0
R4(config-if)# no shutdown
! These syslog messages have the date of the event, the event (just after
! the %), a description, and also the level of the event (the first event in
! the example below is level 3, with the second event being level 5).
*Nov 22 12:08:13: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Nov 22 12:08:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
To configure logging, tell CCP the address of your syslog server and the logging level you want to use. As a reminder, level 7, also known as debug level, sends all syslog alerts at level 7 and lower. The logging settings are found under Configure > Router > Logging, as shown in Figure 11-5.
To modify any of the logging settings, click the Edit button, as shown in Figure 11-6.
In Figure 11-6, we have configured level 5 logging (notifications level) to a syslog server at the IP address of 10.1.1.200, and we have specified that the logging level to the buffer on the router is level 7 (debugging level). The memory buffer to hold syslog messages is 4096 bytes. Beyond the 4096 bytes’ worth of messages in memory, any new messages will replace the oldest messages in a FIFO manner. An example of a syslog server is syslog software running on a PC or dedicated server in your network.
The CCP (for the preceding scenario) creates the equivalent output at the CLI, as shown in Example 11-12.
logging 10.1.1.200
logging trap notifications
logging buffered 4096 debugging
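The following Python example is added here for illustration and is not part of the original text or of any Cisco tool. It parses messages in the %FACILITY-SEVERITY-MNEMONIC format shown in Example 11-11 and applies the levels from Example 11-12 (notifications to the syslog server, debugging to a 4096-byte buffer). The third sample line, its %SYS-6-EXAMPLE mnemonic, and counting buffer usage by message length are assumptions made for the example.

```python
import re
from collections import deque

# IOS severity keywords; the list index is the numeric level (0 is most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Optional "*Nov 22 12:08:13: " timestamp, then %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(
    r"^(?:[*.]?(?P<ts>\w{3}\s+\d+\s+[\d:.]+):\s+)?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")

def parse(line):
    """Return the message fields as a dict, or None for non-syslog lines."""
    m = MSG_RE.match(line.strip())
    return dict(m.groupdict(), sev=int(m["sev"])) if m else None

def route(lines, trap="notifications", buffered="debugging", size=4096):
    """Return (mnemonics sent to the syslog server, lines left in the buffer)."""
    to_server, buf, used = [], deque(), 0
    for line in lines:
        msg = parse(line)
        if msg is None:
            continue
        # A configured level passes that level and every more severe (lower) one.
        if msg["sev"] <= LEVELS.index(trap):
            to_server.append(msg["mnemonic"])
        if msg["sev"] <= LEVELS.index(buffered):
            buf.append(line)
            used += len(line)
            while used > size:  # FIFO: the oldest messages are replaced first
                used -= len(buf.popleft())
    return to_server, list(buf)

# Constructed sample: the two messages from Example 11-11 plus a made-up level 6 line.
SAMPLE = [
    "*Nov 22 12:08:13: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up",
    "*Nov 22 12:08:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up",
    "*Nov 22 12:08:20: %SYS-6-EXAMPLE: constructed informational message",
]

if __name__ == "__main__":
    sent, kept = route(SAMPLE)
    print("sent to syslog server:", sent)
    print("held in buffer:", len(kept), "messages")
```

With the configured trap level, the level 6 message stays in the router's buffer only; it never reaches the server at 10.1.1.200, which matters when deciding what a central collector can actually correlate.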