We will discuss the record and storage of Cisco router logs in the following steps. First, display the log information for the line, then save the log information to the log server, and finally send the log information to the SNMP Management Terminal.
Configure the option for sending log information
Log information is generally the alarm information generated by the system in Cisco IOS. Each piece of information is assigned a warning level and carries a description of the problem or time severity. By default, Cisco IOS only sends log information to the Console interface. However, sending log information to the Console interface is sometimes not convenient for us to store, manage, and analyze log information, in more cases, we choose to send logs to the router cache, Cisco router log server, or SNMP Management Terminal.
In Cisco IOS, the log message will be sent to the log storage region in the following way: % LINK-5-CHANGED: Interface Ethemet0/0, changed state to administratively down, if additional options such as timestamp and serial number are enabled for log information, the log information is shown as follows: 000011: Feb 03 14:03:13. 011: % SYS-5-CONFIGJ: Configured from console by console, Cisco IOS specification, Cisco router log information is divided into 7 levels, each level is associated with a severity level, level 0 is the highest, level 7 is the lowest. You can set the log level after using the logging command.
1. Display log records for lines
When displaying log information for line configuration, we need to complete two tasks: 1. Enable the logging function. 2. Control the online display of log information. By default, the log information record is only opened on the Console line of the Cisco IOS device. to record the log information on another line or storage area, you must configure the corresponding attributes: using the logging on command, you can enable log information and set to record log information to other configured storage regions, such as the internal cache of the Cisco router log server and Cisco IOS device.
This command must be executed before logging log information to other locations except the Console line. If you want to save log information to other locations, you can use other parameters of the logging command, this will be briefly introduced in the future. If this command is not executed, Cisco IOS only sends the log information record to the Console line. The router can also send log information to the VTY line. By default, the Cisco IOS device does not send the log information to the VTY line. If you need to send the log information to the VTY line, you can use the logging monitor command to record logs on VTY lines.
Note that if this command is used, you must use the logging on command to enable the logging function. When configuring a router, we often encounter a command input, the Cisco IOS device displays the log information in the command line being entered, although these Cisco router log messages have nothing to do with our input commands, they may also cause us trouble, in this case, you can enter the logging synchronous command to synchronize the log information output and debug information output to the route of the vro, so that the input command will not be affected.
2. Store log information in other storage regions
The previously introduced method of sending log information to the line has a drawback. If we do not see the screen output of the connection line, the message is rolled over the screen and exceeds the historical cache of the terminal software, then we will not be able to see the lost messages. To avoid this problem, we often send log information to other storage areas, including the internal cache of the device, the system log server, and the SNMP Management Terminal.
1) Save the log information to the log server
To send the log information to the internal cache of the device, run the following command: hostname (config) # logging buffered [buffer_size | security_level]. This command has two parameters, the first parameter is to set the buffer size in the range of 4096-4294967295 bytes. The second parameter of this command indicates that the log information of the level should be recorded. To facilitate management and processing, logs of all devices in the network environment are sent to the Cisco router log server or SNMP management terminal in a centralized manner. The command syntax used to send logs to the log server is as follows:
Hostname (config) # logging on
Hostname (config) # logging host {ip_address | host_name}
Hostname (config) # logging trap security_level
Hostname (config) # logging source-interface interface_type interface _#
Hostname (config) # logging origin-id {hostname | ip | string}
Hostname (config) # logging facility facility_type
The logging on command allows logging to a non-console destination. The logging host command specifies the IP address, host name, or host domain name of the system log server. If the address of multiple log servers is specified, the device sends log information to all log servers multiple times. The logging trap command specifies the log message level to be sent to the system log server. For more information about these parameters, see. The IP address of the interface used by the router to arrive at the log server of the Cisco router is the source IP address of the log information. When multiple interfaces of the router can reach the log server, the source IP address of the log information may be different.
The Cisco IOS router supports adding the router identity information to the system log information, so that you can search for or separate information on the log server based on each device. This function is implemented using the logging origin-id command. For identity information, you can select the vro name configured using the hostname command), the IP address sends the interface IP address information of log information), and the string is used to define the vro identity information ). The logging facility command defines the functions used on the log information server running on UNIX, and the log information is saved on the UNIX server. You can also send the log information to the SNMP Management Terminal. The command used is as follows: hostname (config) # snmp-server enable trap syslog, and then send the log information to the SNMP Management Terminal using three commands:
2) Send the log information to the SNMP Management Terminal
Hostname (config) # logging on
Hostname (config) # logging history security_level
Hostname (config) # logging history size number
The first command has been discussed earlier. The second command is to determine which serious log messages should be sent to the SNMP Management Terminal. For severity levels, see the previous introduction. By default, at least one latest Cisco router log message is saved in the history Table by default. You can use the logging history size command to modify this value.