SYSLOG
SYSLOG (log)
Most logs in the system are generated and maintained through a mechanism called syslog.
syslog is a standard protocol that runs over UDP on port 514.
syslog has a client side and a server side. The client is the party that generates log messages, while the server is responsible for receiving the log messages sent by clients.
syslog messages can be recorded locally (console, tty, buffer) or sent over the network to a syslog server.
The syslog server can store syslog messages centrally, or parse their contents and process them accordingly.
Common application scenarios are network management tools, security management systems, and log audit systems.
SYSLOG message format
A complete syslog message contains the program module (Facility), the severity (Severity or Level), a mnemonic, the message text, the time, and the host name, IP or process ID that generated the log.
Message level
The smaller the value, the higher the level.
Emergency (level 0, highest level) - the system is not available
Alert (level 1) - conditions that must be corrected immediately
Critical (level 2) - an error condition that prevents the implementation of certain tools or subsystem functions
Error (level 3) - an error condition that prevents the tool or some subsystems from being implemented
Warning (level 4) - warning message
Notice (level 5) - normal but significant conditions
Information (level 6) - messages that provide information
Debugging (level 7) - does not contain other information about function conditions or problems
Configure SYSLOG
logging on    The system enables syslog by default and outputs to the console by default
logging buffered [buffer size | level]    Optional; logs can be output to a buffer, which by default is allocated 4096 bytes for saving log messages
logging host 10.1.1.100    Outputs to the log server 10.1.1.100
logging trap ?    Defines the output level; the default is level 6
<0-7> Logging severity level
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
no logging console    Log messages are not output to the console. The test examiner often turns console logging off, so the log messages cannot be seen on the console, which is inconvenient for troubleshooting
show logging    Displays the syslog configuration and the logged messages
R1#show logging
Syslog logging: enabled (11 messages dropped, 0 messages rate-limited, 6 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 32 messages logged, xml disabled, filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
Buffer logging: level debugging, 5 messages logged, xml disabled, filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level notifications, 33 message lines logged
Logging to 10.1.1.100(global) (udp port 514, audit disabled, link up), 4 message lines logged, xml disabled, filtering disabled
Log Buffer (4096 bytes):
Mar 1 00:42:45.035: %SYS-5-CONFIG_I: Configured from console by console
Mar 1 00:44:29.091: %SYS-5-CONFIG_I: Configured from console by console
Mar 1 00:44:30.755: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.1.1.100 started - CLI initiated
Mar 1 00:45:05.967: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:49:23.731: %SYS-5-CONFIG_I: Configured from console by console
Experimental demonstration:
Software needed:
Kiwi_Syslogd_8.3.25.setup - a simple syslog server program that can be used directly after installation
Configuration on R1:
logging on
logging host 10.1.1.100
logging trap informational
R1(config)#interface loopback 0
R1(config-if)#
*Mar 1 00:04:01.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up
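The following Python code is an added example, not part of the original page. It splits IOS log lines like those shown above into facility, severity and mnemonic, and checks which of them reach the logging host at a given logging trap level. The function names are hypothetical, the local7 facility code used for the PRI value is assumed to be the IOS default, and the third sample line is constructed.

```python
import re

# Severity keywords as listed by "logging trap ?" on the page (index = level).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# [*]timestamp: %FACILITY-SEVERITY-MNEMONIC: text
IOS_MSG = re.compile(
    r"^(?P<unsynced>\*)?(?P<time>\w{3}\s+\d+\s+[\d:.]+):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?P<text>.*)$"
)

LOCAL7 = 23  # assumption: default IOS syslog facility code (local7)

def parse(line):
    """Split one IOS log line into its fields; return None if it does not match."""
    m = IOS_MSG.match(line.strip())
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    msg["level_name"] = SEVERITIES[msg["severity"]]
    # A leading "*" marks a timestamp from a clock that is not synchronized.
    msg["unsynced"] = msg["unsynced"] is not None
    return msg

def forwarded(msg, trap_level):
    """A message is sent to the logging host when its severity value <= trap level."""
    return msg["severity"] <= SEVERITIES.index(trap_level)

def pri(msg, facility_code=LOCAL7):
    """PRI value carried in the UDP datagram: facility code * 8 + severity."""
    return facility_code * 8 + msg["severity"]

# First two lines come from the page's output; the third is constructed.
SAMPLE = [
    "Mar 1 00:44:30.755: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.1.1.100 started - CLI initiated",
    "*Mar 1 00:04:01.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up",
    "*Mar 1 00:05:10.000: %EXAMPLE-7-DEBUG_MSG: constructed debugging message",
]

if __name__ == "__main__":
    for line in SAMPLE:
        m = parse(line)
        for level in ("informational", "notifications"):
            print(m["facility"], m["mnemonic"], m["level_name"], level, forwarded(m, level))
```

With the trap level left at notifications, as in the show logging output above, the severity 6 LOGGINGHOST_STARTSTOP message never leaves the router; logging trap informational is what lets it reach 10.1.1.100.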