Task 4—Using Syslog, NTP, and Modem Call Records to Isolate and Troubleshoot Faults

About Syslog

By using the logging ? command, you can see the log settings for distinct destinations:

travis-nas-01(config)#logging ?
  Hostname or A.B.C.D  IP address of the logging host
  buffered             Set buffered logging parameters
  console              Set console logging level
  facility             Facility parameter for syslog messages
  history              Configure syslog history table
  monitor              Set terminal line (monitor) logging level
  on                   Enable logging to all supported destinations
  rate-limit           Set messages per second limit
  source-interface     Specify interface for source address in logging transactions
  trap                 Set syslog server logging level

There are eight levels of syslog information in the Cisco IOS software. Monitor and manage logs according to the severity level of the syslog message. By using the logging trap ? command, you can see the logging severity levels:

travis-nas-01(config)#logging trap ?
  <0-7>          Logging severity level
  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  debugging      Debugging messages                (severity=7)
  emergencies    System is unusable                (severity=0)
  errors         Error conditions                  (severity=3)
  informational  Informational messages            (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions                (severity=4)
  <cr>

Table 18 Logging Trap Severity Definitions

Message Type    Description                        Syslog Message   Severity Level
emergencies     System unusable                    LOG_EMERG        0
alerts          Immediate action needed            LOG_ALERT        1
critical        Critical conditions                LOG_CRIT         2
errors          Error conditions                   LOG_ERR          3
warnings        Warning conditions                 LOG_WARNING      4
notifications   Normal but significant condition   LOG_NOTICE       5
informational   Informational messages only        LOG_INFO         6
debugging       Debugging messages                 LOG_DEBUG        7

In this case study, syslog is enabled on all Cisco access servers and backbone routers. Each device sends syslog messages to the same log file on the same syslog server.

The terminology in the syslog messages can vary between different versions of Cisco IOS software. To effectively manage syslog messages, ensure that wherever possible, the same version of Cisco IOS software is running on all routers.
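The following added example (not part of the original guide) shows one way to triage the shared log file on the syslog server by severity level, keying on the numeric severity field rather than on message wording, which can differ between Cisco IOS versions. The line layout (timestamp, device name, sequence number, then %FACILITY-SEVERITY-MNEMONIC), the device name backbone-rtr-01, and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Severity names as listed in Table 18 (list index = severity level).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Assumed layout: "<timestamp> <device> <seq>: %FACILITY-SEVERITY-MNEMONIC: text"
IOS_MSG = re.compile(
    r"^(?P<ts>\S+ +\d+ [\d:]+) (?P<host>\S+) .*?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$")

# Constructed sample of a shared log file (not captured from real devices).
SAMPLE_LOG = """\
Mar  1 10:00:01 travis-nas-01 45: %LINK-3-UPDOWN: Interface Serial0:23 down
Mar  1 10:00:02 travis-nas-01 46: %LINEPROTO-5-UPDOWN: Line protocol down
Mar  1 10:00:05 backbone-rtr-01 12: %SYS-5-CONFIG_I: Configured from console
Mar  1 10:00:09 backbone-rtr-01 13: %SYS-2-MALLOCFAIL: Memory allocation failed
Mar  1 10:00:10 travis-nas-01 47: line without an IOS message tag
"""

def parse(line):
    """Return a dict for an IOS-style message, or None if the line does not match."""
    m = IOS_MSG.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["sev"] = int(rec["sev"])
    rec["level"] = SEVERITY[rec["sev"]]
    return rec

def at_or_above(log_text, threshold):
    """Keep messages at the named level or more severe (lower number)."""
    limit = SEVERITY.index(threshold)
    recs = (parse(line) for line in log_text.splitlines())
    return [r for r in recs if r and r["sev"] <= limit]

def per_device(records):
    """Count messages per (device, severity name) pair."""
    return Counter((r["host"], r["level"]) for r in records)

if __name__ == "__main__":
    hits = per_device(at_or_above(SAMPLE_LOG, "errors"))
    for (host, level), n in sorted(hits.items()):
        print(host, level, n)
```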

Note: For background information on syslog, go to http://www.cert.org/security-improvement/practices/p041.html

Basic Dial NMS Implementation Guide
