Syslog Logging

IEWB1 Vol5 12.3 Syslog Logging
Configure R6 to log messages to syslog as follows:
o R6 should log to the server
o Log all messages up to notifications.
o R6 should use reliable transport at port 5000.
o Use ID ROUTER6 and the UNIX facility LOCAL1.
o Messages should be sourced off of the routers’ Loopback0 interfaces.
o Set the message queue depth to 256.


Rack1R6#sh run 

logging queue-limit 256
logging trap notifications
logging origin-id string ROUTER6
logging facility local1
logging source-interface Loopback0
logging host transport tcp port 5000

Note that, when you specify a server IP after “logging server_IP“, then we wont be able to specify transport protocol option. Instead, “logging host server_IP” allow extended options

Rack1R6#sh log
Logging to (tcp port 5000, audit disabled, link down), 9 message lines logged, xml disabled, filtering disabled

Compared if we leave the transport as default UDP 514

Logging to (udp port 514, audit disabled, link up), 9 message lines logged, xml disabled, filtering disabled

There’re cases where some commands are actually supported by IOS but they are not shown in the online help. E.g.

Rack1R6(config)#logging ? 
  host                 Set syslog server IP address and parameters
  monitor              Set terminal line (monitor) logging parameters
  on                   Enable logging to all enabled destinations
  origin-id            Add origin ID to syslog messages

! Note there's not online help for "logging queue-limit" command

  rate-limit           Set messages per second limit
  reload               Set reload logging level
  server-arp           Enable sending ARP requests for syslog servers when
                       first configured

But this command is available in the Command Reference.

logging queue-limit

To control how much system memory may be used for queued log messages, use the logging queue-limit command in global configuration mode. To permit unlimited use of memory for queued log messages, use the no form of this command.

Although it does not show in the online help, the router (with IOS 12.4) still support this feature. Simply just type the command in.

Rack1R6(config)#logging queue-limit 256
Rack1R6#sh run | in queue-limit
logging queue-limit 256

Syslog server screen shot


