In the command sequence given below:
CertExamsR1#configure terminal
CertExamsR1(config)#logging buffered 4048 0
CertExamsR1(config)#exit
CertExamsR1#
the statement "logging buffered 4048 0" enables the syslog messages to be sent to the router/switch memory, and allocates 4048 bytes of router or switch memory (RAM). Once the buffer is full, the router deletes old messages from the buffer as new messages are added (First in first out).
"0" represents the severity level of the syslog message that needs to be sent to the memory. As can be seen from the table below, severity level "0" represents emergency messages. Severity level may have values ranging from 0 to 7 as given in the table below:
0 - Emergency (System is unusable)
1 - Alert (Action must be taken immediately)
2 - Critical (Critical conditions)
3 - Error (Error conditions)
4 - Warning (Warning conditions)
5 - Notice (Normal but significant condition)
6 - Informational (Informational messages)
7 - Debug (Debug-level messages)
The default level for console, monitor, and syslog is debugging. By default, the router logs anything at the level of debugging and greater. That means that logging occurs from level 7 (debugging) up to level 0. The logging on command is the default. To disable all logging, use the no logging on command.
Cisco routers log messages can handle in five different ways:
Console logging:By default, the router sends all log messages to its console port. Hence only the users that are physically connected to the router console port can view these messages.
Terminal logging:It is similar to console logging, but it displays log messages to the router's VTY lines instead. This is not enabled by default.
Use the following commands to collect the Syslog messages when you are connected to an SSH terminal.
CertExamsR1#terminal monitor
Buffered logging:This type of logging uses router's RAM for storing log messages. buffer has a fixed size to ensure that the log will not deplete valuable system memory. The router accomplishes this by deleting old messages from the buffer as new messages are added.
Use the following commands to store the Syslog messages in Cisco Router's / Switch's memory. "4048" is the size of memory allocated to store Syslog messages and "0" is the severity level.
CertExamsR1#configure terminal
CertExamsR1(config)#logging buffered 4048 0
CertExamsR1(config)#exit
CertExamsR1#
Syslog Server logging:The router can use syslog to forward log messages to external syslog servers for storage. This is considered to be the best practice as there is no loss of data (huge storage capacities) and there is no overload on the router or switch as in the case of buffered logging. A syslog server also provides for centralized logging for all network devices.
Use the following commands to send Syslog messages to a Syslog server, configured at 192.168.1.100.
CertExamsR1#configure terminal
CertExamsR1(config)#logging 192.168.1.100
CertExamsR1(config)#exit
CertExamsR1#
SNMP trap logging:The router can send syslog message to an external SNMP server. This is accomplished using SNMP trap.
From the show logging command output, we can interpret that the router has the following logging configuration:
1. Syslog logging and is sending it to host 10.2.2.2,
2. In addition, console logging is at the debugging level, and
3. The setting for local buffered logging is 1048576 bytes.
By default, the timestamps are in hr:min:sec. If you want to enable greater resolution, you can enable millisecond level resolution by using the command "service timestamps log datetime msec"
The syntax is as given below:
Router(Config)#service timestamps log {uptime |datetime [msec |localtime |show-timezone]} The options are self explanatory.
