Knowing how to properly use logging is a necessary skill for
any network administrator. It’s vital that you know how to use logging when it
comes time to start troubleshooting.
The Cisco IOS offers a great many options for logging. To
help bring you up to speed, let’s discuss how to configure logging, examine how
to view the log and its status, and look at three common errors when it comes
to logging.
The logging
command in Global Configuration Mode and the show logging command in Privileged Mode are two simple but powerful
tools to configure and show all Cisco IOS logging options. Let’s take a closer
look.
Configure logging in the Cisco IOS
When configuring logging, the most important command to know
is the logging command, used when in
Global Configuration Mode. Here’s an example of this command and its options.
router(config)# logging ?
  Hostname or A.B.C.D  IP address of the logging host
  buffered             Set buffered logging parameters
  buginf               Enable buginf logging for debugging
  cns-events           Set CNS Event logging level
  console              Set console logging parameters
  count                Count every log message and timestamp last occurrence
  exception            Limit size of exception flush output
  facility             Facility parameter for syslog messages
  history              Configure syslog history table
  host                 Set syslog server IP address and parameters
  monitor              Set terminal line (monitor) logging parameters
  on                   Enable logging to all supported destinations
  origin-id            Add origin ID to syslog messages
  rate-limit           Set messages per second limit
  reload               Set reload logging level
  server-arp           Enable sending ARP requests for syslog servers when first configured
  source-interface     Specify interface for source address in logging transactions
  trap                 Set syslog server logging level
  userinfo             Enable logging of user info on privileged mode enabling
router(config)# logging
While the scope of this article prevents us from exploring
every one of these options, let’s take a look at the most common ones.
You can configure the router to log its events to a buffer in
memory. (Rebooting the router loses all events stored in the
buffered log.) Here’s an example:
Router(config)# logging buffered 16384
You can also send the router’s events to a syslog server.
This is an external server running on your network. Most likely, the syslog
server is running on a Linux or Windows server. Because it’s external to the
router, there’s an added benefit: It preserves events even if the router loses
power. A syslog server also provides for centralized logging for all network
devices.
To configure syslog logging, all you need to do is use the logging command and the hostname or IP
address of the syslog server. So, to configure your Cisco device to use a
syslog server, use the following command:
Router(config)# logging 10.1.1.1
To learn more about using syslog with the Cisco IOS, check out
this TechRepublic download, “Use
syslog to monitor and troubleshooting Cisco devices.”
The Cisco IOS enables logging to the console, monitor, and
syslog by default. But there’s a catch: There’s no syslog host configured, so
that output goes nowhere.
There are eight different logging levels.
- 0—emergencies
- 1—alerts
- 2—critical
- 3—errors
- 4—warnings
- 5—notifications
- 6—informational
- 7—debugging
The default level for console, monitor, and syslog is debugging.
The logging on command is the
default. To disable all logging, use the no
logging on command.
By default, the router logs anything at the debugging level
or more severe. That means that logging occurs from level 7 (debugging) up to
level 0 (emergencies). If you want to pare down what the system logs, use
something like the logging console notifications command.
In addition, the router doesn’t enable logging to the system
buffer by default. That’s why you must use the logging buffered command to enable it.
View the status of logging and the logging itself
To view the status of your logging as well as the local
buffered log, use the show logging
command. Here’s an example:
router# show logging
Syslog logging: enabled (0 messages dropped, 394 messages rate-limited, 91 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 2766982 messages logged, xml disabled, filtering disabled
    Monitor logging: level debugging, 12370 messages logged, xml disabled, filtering disabled
    Buffer logging: level debugging, 2754146 messages logged, xml disabled, filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level debugging, 3420603 message lines logged
        Logging to 10.1.1.1, 3420603 message lines logged, xml disabled, filtering disabled
Log Buffer (10000000 bytes):
i96
Feb 7 13:34:00.065 CST: %LINK-3-UPDOWN: Interface Serial1/1:22, changed state to up
Feb 7 13:34:00.069 CST: %DIALER-6-BIND: Interface Se1/1:22 bound to profile Di96
Note that this router has enabled syslog logging and is
sending it to host 10.1.1.1. In addition, console logging is at the debugging
level, and the setting for local buffered logging is 10,000,000 bytes.
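The status output above can be checked by script when you audit many devices. The following is an added example, not part of the original article: the function names are hypothetical, the first sample is abridged from the output shown above, and the second sample is constructed.

```python
import re

# Abridged from the `show logging` output quoted in the article.
SHOW_LOGGING = """\
Syslog logging: enabled (0 messages dropped, 394 messages rate-limited, 91 flushes, 0 overruns)
    Console logging: level debugging, 2766982 messages logged, xml disabled
    Monitor logging: level debugging, 12370 messages logged, xml disabled
    Buffer logging: level debugging, 2754146 messages logged, xml disabled
    Trap logging: level debugging, 3420603 message lines logged
        Logging to 10.1.1.1, 3420603 message lines logged, xml disabled
Log Buffer (10000000 bytes):
"""

# Constructed sample: no syslog host configured and buffered logging not enabled.
NO_HOST_NO_BUFFER = """\
Syslog logging: enabled
    Console logging: level debugging, 41 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: disabled
    Trap logging: level debugging, 45 message lines logged
"""

DEST_RE = re.compile(
    r"^\s*(Console|Monitor|Buffer|Trap) logging:\s*(?:level (\w+)|(disabled))", re.M)
HOST_RE = re.compile(r"^\s*Logging to ([^\s,(]+)", re.M)
BUFSZ_RE = re.compile(r"^Log Buffer \((\d+) bytes\)", re.M)

def parse_show_logging(text):
    """Extract per-destination levels, syslog hosts and buffer size."""
    levels = {}
    for name, level, disabled in DEST_RE.findall(text):
        levels[name.lower()] = None if disabled else level
    size = BUFSZ_RE.search(text)
    return {"levels": levels,
            "hosts": HOST_RE.findall(text),
            "buffer_bytes": int(size.group(1)) if size else None}

def findings(status):
    """Flag the two gaps the article describes."""
    out = []
    if not status["hosts"]:
        out.append("no syslog host: events are not preserved off the router")
    if status["levels"].get("buffer") is None:
        out.append("buffered logging is off: enable it with 'logging buffered'")
    return out

if __name__ == "__main__":
    for sample in (SHOW_LOGGING, NO_HOST_NO_BUFFER):
        status = parse_show_logging(sample)
        print(status, findings(status))
```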
Look out for these common logging errors
Logging can be frustrating at times. To help prevent some of
that frustration, let’s look at three common errors.
Not setting the terminal to monitor logging
If you Telnet into a router and can’t see some of the logging
you’re expecting, check to see if you’ve set your terminal to monitor the
logging. You can enable this with the terminal
monitor command. To disable it, use the terminal
no monitor command.
To determine whether you’ve enabled monitoring, use the show terminal command, and look for the
following:
Capabilities: Receives Logging Output
If you see this, you’re monitoring logging output. If it
returns None for capabilities, then the monitoring is off.
Using the incorrect logging level
If you can’t see logging output, you should also check
whether you’ve set the level correctly. For example, if you’ve set the console
logging to emergencies but you’re running debugging, you won’t see any debugging
output on the console.
To determine the set level, use the show logging command. Keep in mind that you need to set the level
to a higher number to see all levels below it. For example, setting logging at
debugging shows you every other level.
In addition, make sure you match the type of logging that
you want to see with the level you’re configuring. If you configure monitor
logging to debug but you’re on the console and you’ve set it to informational,
you won’t see the debug output on the console.
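To make the level rule concrete, the following added example (not part of the original article) decides which destinations will display a given message. The function names and the configured levels are hypothetical, and treating untagged lines as debug output at level 7 is an assumption of this example.

```python
import re

# Severity keywords in level order (list index = numeric level).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# IOS system messages carry the severity digit: %FACILITY-SEVERITY-MNEMONIC:
MSG_RE = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")

def severity(line):
    """Numeric severity of a log line.

    Assumption: a line with no %FAC-SEV-MNEMONIC tag is debug output (level 7).
    """
    m = MSG_RE.search(line)
    return int(m.group(1)) if m else 7

def destinations_showing(line, configured):
    """Destinations whose configured level admits this message.

    configured maps destination -> level keyword, or None if disabled.
    A destination set to level N passes severities 0 through N.
    """
    sev = severity(line)
    return sorted(dest for dest, keyword in configured.items()
                  if keyword is not None and sev <= LEVELS.index(keyword))

# Constructed scenario: console pared down, monitor at debugging, no buffer.
CONFIGURED = {"console": "notifications", "monitor": "debugging", "buffer": None}

SAMPLE = [
    # These two messages appear in the article's log buffer.
    "Feb 7 13:34:00.065 CST: %LINK-3-UPDOWN: Interface Serial1/1:22, changed state to up",
    "Feb 7 13:34:00.069 CST: %DIALER-6-BIND: Interface Se1/1:22 bound to profile Di96",
    # Constructed debug line (no severity tag).
    "Feb 7 13:34:02.000 CST: ICMP: echo reply sent, src 10.1.1.2, dst 10.1.1.1",
]

def report(lines=SAMPLE, configured=CONFIGURED):
    """Return (severity, destinations) for each line."""
    return [(severity(l), destinations_showing(l, configured)) for l in lines]

if __name__ == "__main__":
    for sev, dests in report():
        print(sev, LEVELS[sev], dests)
```

In this scenario only the level 3 message reaches the console; the level 6 message and the debug line appear only on a terminal that has terminal monitor enabled.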
Displaying the incorrect time and date in logs
You may see log messages that don’t exhibit the correct date
and time. There are a variety of options to control the date and time that
appear on logging output (either to the screen or to the buffer). To control
this, use the following command:
Router(config)# service timestamps debug ?
  datetime  Timestamp with date and time
  uptime    Timestamp with system uptime
Remember that many problems require some kind of historical
log to help find a solution. That’s why it’s important to make sure you’ve
properly configured logging so you can use your logs to see the past.
David Davis has worked
in the IT industry for 12 years and holds several certifications, including
CCIE, MCSE+I, CISSP, CCNA, CCDA, and CCNP. He currently manages a group of
systems/network administrators for a privately owned retail company and
performs networking/systems consulting on a part-time basis.