[IT Technology Sharing] Internet Protocol System Log SYSLOG Technology

SYSLOG

SYSLOG (log)

Most of the logs in the system are generated and maintained through a mechanism called syslog.

syslog is a standard protocol, based on UDP, port number 514.

syslog is divided into client and server. The client is the party that generates log messages, while the server is responsible for receiving log messages sent by the client.

syslog log messages can be recorded locally (console, tty, buffer) or sent over the network to the syslog server.

The syslog server can store syslog messages in a unified manner, or parse their contents and process them accordingly.

Common application scenarios are network management tools, security management systems, and log audit systems.

SYSLOG message format
A complete syslog log message contains the program module (Facility), severity (Severity or Level), mnemonic, text, time, host name, and the IP or process ID that generated the log.

Message level

The smaller the value, the higher the level.

Emergency (level 0, highest level) - the system is not available

Alert (level 1) - conditions that need to be modified immediately

Critical (level 2) - an error condition that prevents the implementation of certain tools or subsystem functions

Error (level 3) - an error condition that prevents the tool or some subsystems from being implemented

Warning (level 4) - warning message

Notice (level 5) - common conditions of importance

Information (level 6) - messages that provide information

Debugging (level 7) - does not contain other information about function conditions or problems

Configure SYSLOG

logging on - the system turns on the syslog function by default, and outputs to the console by default

logging buffered [buffer size | level] - optional; log messages can be output to a buffer, and 4096 bytes are allocated by default for saving them

logging host 10.1.1.100 - outputs to log server 10.1.1.100

logging trap ? - defines the output level; the default is level 6

<0-7> Logging severity level
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)

no logging console - log messages are not output to the console; the test examiner often disables console logging, so the log messages cannot be seen on the console, which is inconvenient for troubleshooting

show logging - view the syslog log message configuration

R1#show logging

Syslog logging: enabled (11 messages dropped, 0 messages rate-limited, 6 flushes, 0 overruns, xml disabled, filtering disabled)

Console logging: level debugging, 32 messages logged, xml disabled, filtering disabled

Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled

Buffer logging: level debugging, 5 messages logged, xml disabled, filtering disabled

Logging Exception size (4096 bytes)

Count and timestamp logging messages: disabled

No active filter modules.

Trap logging: level notifications, 33 message lines logged

Logging to 10.1.1.100(global) (udp port 514, audit disabled, link up), 4 message lines logged, xml disabled, filtering disabled

Log Buffer (4096 bytes):

Mar 1 00:42:45.035: %SYS-5-CONFIG_I: Configured from console by console
Mar 1 00:44:29.091: %SYS-5-CONFIG_I: Configured from console by console
Mar 1 00:44:30.755: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.1.1.100 started - CLI initiated
Mar 1 00:45:05.967: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:49:23.731: %SYS-5-CONFIG_I: Configured from console by console
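
The log buffer lines above follow the message format described earlier: time, then %FACILITY-SEVERITY-MNEMONIC, then text. The Python code below is an added example, not part of the original post: it parses that layout and applies the logging trap threshold. The regular expression and the function names are assumptions based only on the lines shown on this page.

```python
import re

# Keywords offered by "logging trap ?"; the list index is the severity value.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# Assumed layout, taken from the log lines on this page:
#   [*]Mon D HH:MM:SS.mmm: %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^\*?\s*(?P<time>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2}(?:\.\d+)?):\s+"
    r"%(?P<facility>[A-Z0-9_-]+?)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):"
    r"\s*(?P<text>.*)$"
)

def parse_ios_log(line):
    """Return the fields of one IOS log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # malformed input is rejected, not guessed at
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    fields["level_name"] = SEVERITY_NAMES[fields["severity"]]
    return fields

def passes_trap(severity, trap_level):
    """True if a message of this severity is sent at the given trap level.

    trap_level is a keyword ("informational") or a number (6). A smaller
    value is a higher level, so the message passes when severity <= level.
    """
    if isinstance(trap_level, str):
        trap_level = SEVERITY_NAMES.index(trap_level)
    return severity <= trap_level

def forwarded(lines, trap_level):
    """Parse lines, drop malformed ones, keep those the trap level lets through."""
    parsed = (parse_ios_log(line) for line in lines)
    return [p for p in parsed if p and passes_trap(p["severity"], trap_level)]

# Sample input constructed from the log lines shown on this page.
SAMPLE = [
    "Mar 1 00:42:45.035: %SYS-5-CONFIG_I: Configured from console by console",
    "Mar 1 00:44:30.755: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.1.1.100 started - CLI initiated",
    "*Mar 1 00:04:01.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up",
    "not a syslog line",
]

if __name__ == "__main__":
    for trap in ("notifications", "informational"):
        kept = forwarded(SAMPLE, trap)
        print(trap, [f"{p['facility']}-{p['severity']}-{p['mnemonic']}" for p in kept])
```

With the trap level at notifications, as in the show logging output above, the severity 6 LOGGINGHOST_STARTSTOP message that records a change of log destination is not forwarded to the server; at informational it is.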

Experimental demonstration:
Software needed:

Kiwi_Syslogd_8.3.25.setup - simple syslog software that can be used directly after installation

Configure R1:

logging on

logging host 10.1.1.100

logging trap informational

R1(config)#interface loopback 0

R1(config-if)#

*Mar 1 00:04:01.847: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback0, changed state to up

Origin blog.51cto.com/14966105/2546678