Syslog is a standard for logging messages describing important events on network equipment. These events are used for auditing to know what, when, and how the event happened.
The severity levels are for filtering Syslog events according to need. The levels go from 0 to 7:
0.- Emergencies
1.- Alerts
2.- Critical
3.- Errors
4.- Warnings
5.-Notifications
6.- Informational
7.- Debugging
By default, the router sends all messages to its console port. Therefore, only users connected to the router’s console port can see these messages.
Command to specify the severity level of messages that will appear on the console:
Switch(config)# logging consoleThe following command is to disable messages from being seen on the console port:
Switch(config)# no logging consoleThe switch stores log locally in a 4096 bytes buffer. When the buffer fills up, the new messages overwrite the older ones.
The buffer size ranges from 4096 to 2147483647. This value can be modified with the following command:
Switch(config)# logging buffered Use this command to clear the internal buffer of the switch:
Switch# clear logging
Clear logging buffered [confirm]If you have an external Syslog server, messages can be forwarded with the following command:
Switch(config)# logging hostConfigure what type of alarms are to be sent to the Syslog server:
Switch(config)# logging trapThe following command is to redirect messages to our SSH or telnet session:
Switch(config)# terminal monitorFinally, the following command uses the switch clock as a timestamp for Syslog messages:
Switch(config)# service timestamps log datetime [ localtime] [ show-timezone] [ msec] [ year]Verification commands:
Switch# show logging
