Implementing Logging Features

Logging is important as a tool for discovering events that are happening in the network and for troubleshooting. Correctly configuring logging so that you can collect and correlate events across multiple network devices is a critical component for a secure network.

Configuring Syslog Support

Example 11-11 shows a typical syslog message and how to control what information is included with the message.

Example 11-11 Using Service Time Stamps with Syslog Events


R4(config)# interface fa0/0
R4(config-if)# shut
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R4(config-if)#

! If we add time stamps to the syslog messages, those time stamps can assist in
! correlating events that occurred on multiple devices

R4(config)# service timestamps log datetime
R4(config)# int fa0/0
R4(config-if)# no shutdown

! These syslog messages have the date of the event, the event (just after
! the %), a description, and also the level of the event (the first event in
! the example below is level 3, with the second event being level 5).
*Nov 22 12:08:13: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Nov 22 12:08:14: %LINEPROTO-5-UPDOWN: Line protocol on Interface
  FastEthernet0/0, changed state to up


To configure logging, tell CCP the address of your syslog server and the logging level you want to use. As a reminder, level 7, also known as debug level, sends all syslog alerts at level 7 and lower. In CCP, navigate to Configure > Router > Logging, as shown in Figure 11-5.

Figure 11-5 Viewing the Logging Configuration

To modify any of the logging settings, click the Edit button, as shown in Figure 11-6.

Figure 11-6 Using CCP to Edit the Logging Settings

In Figure 11-6, we have configured level 5 logging (notifications level) to a syslog server at the IP address of 10.1.1.200, and we have specified that the logging level to the buffer on the router is level 7 (debugging level). The memory buffer to hold syslog messages is 4096 bytes. Beyond the 4096 bytes’ worth of messages in memory, any new messages will replace the oldest messages in a FIFO manner. An example of a syslog server is syslog software running on a PC or dedicated server in your network.

The CCP (for the preceding scenario) creates the equivalent output at the CLI, as shown in Example 11-12.

Example 11-12 CLI Equivalent Generated by CCP


logging 10.1.1.200
logging trap notifications
logging buffered 4096 debugging
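
The following sketch is an added example, not part of the original text: it parses IOS-style messages like those in Example 11-11 and reports which ones the thresholds from Example 11-12 (trap notifications, buffer debugging) send to the syslog server and which stay only in the router's buffer. The function names and the last two sample lines are constructed for illustration.

```python
import re

# IOS severity keywords (0 = most severe) accepted by "logging trap" / "logging buffered".
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Optional "*Nov 22 12:08:13: " stamp, then %FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(
    r"^(?:[*.]?(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$")

def parse(line):
    """Return the message fields as a dict, or None for prompts and other non-message lines."""
    m = MSG_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg

def destinations(msg, trap="notifications", buffered="debugging"):
    """A destination keeps a message when its severity number is <= the configured level."""
    dests = []
    if msg["severity"] <= LEVELS[trap]:
        dests.append("syslog-server")
    if msg["severity"] <= LEVELS[buffered]:
        dests.append("buffer")
    return dests

def triage(lines, **thresholds):
    """Yield (mnemonic, severity, has_timestamp, destinations) for each parsed line."""
    for line in lines:
        msg = parse(line)
        if msg:
            yield (msg["mnemonic"], msg["severity"], msg["ts"] is not None,
                   destinations(msg, **thresholds))

SAMPLE = [
    "%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down",
    "R4(config-if)#",
    "*Nov 22 12:08:13: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up",
    # Constructed lines, not from the page:
    "*Nov 22 12:09:02: %SYS-5-CONFIG_I: Configured from console by console",
    "*Nov 22 12:09:03: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.1.1.200 started",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Rows whose has_timestamp field is False, like the first sample line, cannot be lined up against events from other devices, which is the gap `service timestamps log datetime` closes.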

