As an administrator of a network, you have just completed all the configuration and they are working nicely. Now maybe the next thing you want to do is to set up something that can alert you when something goes wrong or down in your network. Syslog is an excellent tool for system monitoring and is almost always included in your distribution.
There are some places we can send Syslog messages to:
|Place to store Syslog messages||Command to use|
|Internal buffer (inside a switch or router)||logging buffered [size]|
|Flash memory||logging file flash:filename|
|Nonconsole terminal (VTY connection…)||terminal monitor|
|Console line||logging console|
Note: If sent to a Syslog server, messages are sent on UDP port 514.
By default, Cisco routers and switches send log messages to the console. We should use a Syslog server to contain our logging messages with the logging command. Syslog server is the most popular place to store logging messages and administrators can easily monitor the wealth of their networks based on the received information.
|0||emergencies||System is unusable|
|1||alerts||Immediate action is needed|
|2||critical||Critical conditions exist|
|3||errors||Error conditions exist|
|4||warnings||Warning conditions exist|
|5||notification||Normal, but significant, conditions exist|
Note: You can remember the order above with the sentence: “Eventually All Critical Errors Will Not Involve Damage”.
The highest level is level 0 (emergencies). The lowest level is level 7. To change the minimum severity level that is sent to syslog, use the logging trap level configuration command. If you specify a level, that level and all the higher levels will be displayed. For example, by using the logging console warnings command, all the logging of emergencies, alerts, critical, errors, warnings will be displayed. Levels 0 through 4 are for events that could seriously impact the device, whereas levels 5 through 7 are for less-important events. By default, syslog servers receive informational messages (level 6).