Syslog Logging

October 26, 2008 at 12:14 pm | Posted in System Management | Leave a comment

IEWB1 Vol5 12.3 Syslog Logging
Configure R6 to log messages to syslog as follows:
o R6 should log to the server 192.168.0.5.
o Log all messages up to notifications.
o R6 should use reliable transport at port 5000.
o Use ID ROUTER6 and the UNIX facility LOCAL1.
o Messages should be sourced off of the routers’ Loopback0 interfaces.
o Set the message queue depth to 256.

Configuration

Rack1R6#sh run 

logging queue-limit 256
logging trap notifications
logging origin-id string ROUTER6
logging facility local1
logging source-interface Loopback0
logging host 192.168.0.5 transport tcp port 5000

Note that, when you specify a server IP after “logging server_IP“, then we wont be able to specify transport protocol option. Instead, “logging host server_IP” allow extended options

Rack1R6#sh log
Logging to 192.168.0.5 (tcp port 5000, audit disabled, link down), 9 message lines logged, xml disabled, filtering disabled

Compared if we leave the transport as default UDP 514

Logging to 192.168.0.5 (udp port 514, audit disabled, link up), 9 message lines logged, xml disabled, filtering disabled

There’re cases where some commands are actually supported by IOS but they are not shown in the online help. E.g.

Rack1R6(config)#logging ? 
  ...
  host                 Set syslog server IP address and parameters
  monitor              Set terminal line (monitor) logging parameters
  on                   Enable logging to all enabled destinations
  origin-id            Add origin ID to syslog messages

! Note there's not online help for "logging queue-limit" command

  rate-limit           Set messages per second limit
  reload               Set reload logging level
  server-arp           Enable sending ARP requests for syslog servers when
                       first configured
  ...

But this command is available in the Command Reference.

logging queue-limit

To control how much system memory may be used for queued log messages, use the logging queue-limit command in global configuration mode. To permit unlimited use of memory for queued log messages, use the no form of this command.

Although it does not show in the online help, the router (with IOS 12.4) still support this feature. Simply just type the command in.

Rack1R6(config)#logging queue-limit 256
Rack1R6(config)#
Rack1R6#sh run | in queue-limit
logging queue-limit 256

Syslog server screen shot

Advertisements

Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: