Syslog and Terminal Messages

Syslog and Terminal Messages

Here we have yet another topic that we need to understand on our journey towards being Cisco professionals. Syslog and Terminal Messages are maybe not the most exciting things to focus on but I can tell you from my experience as a senior administrator, that logging is crucial and understanding how to work with logs can be a life-saver, or in our case, a job-saver. 😏

Terminal Messages

By default, users connected to the console receive messages for all severity levels. This happens because of the default logging console global configuration command.

Other users that are connected with either Telnet or SSH don't see those messages by default. To enable that requires us to run two commands. IOS has another global configuration setting that tells IOS to enable the sending of log messages to all logged users.

logging monitor

This is not enough to allow users to see the log messages. The user must also issue the following command during the login session. This tells IOS that this terminal would like to receive log messages.

terminal monitor


Syslog

It's good to keep log messages for later review. IOS provides two means to save these messages.

  1. IOS can store copies of log messages in RAM by issuing command number 1 in global configuration mode. You view saved log messages by typing in command no 2.

logging buffered

show logging

  1. Option number 2 is more widely used. All devices can store their log messages on a syslog server. To configure a router or switch to send log messages to a syslog server is pretty straightforward. This is done in global configuration mode.

To see the options for logging.

logging ?

To send log messages to a syslog server.

logging ip-address or hostname

IOS has the following categories for Syslog messages.

  • Timestamp.
  • What generated the message, e.g., what interface.
  • The severity level.
  • A mnemonic for the message, a short text string that describes the message.
  • The description of the message.

These are the severity levels

KeywordNumeralDescription
Emergency alert0System is unusable.
Alert1Immediate action required.
Critical2Critical Event.
Error3Error Event.
Warning4Warning Event.
Notification5Normal, More Important.
Informational6Normal, Less Important.
Debug7Requested by User Debug.

You can swap out the timestamp in global config for a sequence number if that's your preference.

no service timestamps

service sequence-numbers

How to configure logging message level for each log service

ServiceTo Enable LoggingTo Set Message Levels
Consolelogging consolelogging console level-name | level-number
Monitorlogging monitorlogging monitor level-name | level-number
Bufferedlogging bufferedlogging buffered level-name | level-number
Sysloglogging host address | hostnamelogging trap level-name | level-number

Debug Command

Debug is a powerful command that has a lot of options. As we can see on the table above us, it's number 8 on the list but I guess that's like saving the best for last?

With the debug EXEC command we can ask IOS to monitor certain events and log messages when those events occur. The debug command does take up CPU resources so we should be careful when using debug commands on production devices.

We can limit the amount of messages sent to the syslog server, based on severity, with the following command.

logging trap ?

This shows us the options we can work with. If we just want to log informational messages, severity 6.

logging trap informational

Notice that you can either use the number or the actual severity level name. If you select level 6, remember that you don't just receive level 6, but all messages from levels 0 through 6.


This concludes my post on Syslog and Terminal Messages but if you want to chat, please connect with me on Twitter or LinkedIn. 🙂


Leave a Reply

Your email address will not be published. Required fields are marked *