Syslog常被称为系统日志或系统记录,是一种用来在互联网协议(TCP/IP)的网上中传递记录档消息的标准。我们在cisco设备中也通常使用logging synchronous 打开日志同步功能。那么如何进行日志信息记录呢?
日志可以存放到本地,亦可以存放到远端的服务器,这里我们简单介绍如何在cisco设备上简单查看和配置日志内容:
SW1(config)#logging on //打开交换机的日志功能
SW1(config)#logging console debugging //把日志在控制台上显示出来
SW1(config)#logging monitor debugging //把日志在远程用户的终端上显示 出来,用户还得在终端上的特权模式下使用"terminal monitor" 命令才可以.
SW1(config)#logging buffered debugging //把日志记录在内存中,以后可以使用"show logging"查看
SW1(config)#logging host 12.1.1.1 //配置交换机把日志发送到特定 的日志服务器.
SW1(config)#logging trap debugging
SW1(config)#logging origin-id ip //指明交换机发送日志时,会用 ip地址作为id.
SW1(config)#logging facility local7
SW1(config)#logging source-interface vlan 1 //指明交换机以vlan1 接口的ip地 址作为源ip向服务器发送日志.
SW1(config)#service timestamps log //指明日志中要加上发送时间
SW1(config)#service timestamps log datetime //指明日志中发生的时间要以绝对的时间
SW1(config)#service sequence-numbers //指明日志中要加入序号
对于配置好的内容,可以使用show logging命令进行查看
SW1#sho logging
Syslog logging: enabled (12 messages dropped, 6 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 60 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 3 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level debugging, 70 message lines logged
Logging to 12.1.1.1 (udp port 514, audit disabled,
authentication disabled, encryption disabled, link up),
3 message lines logged,
0 message lines rate-limited,
0 message lines dropped-by-MD,
xml disabled, sequence number disabled
filtering disabled
Log Buffer (4096 bytes):