Network Security Fundamentals [Electronic resources]

Gert De Laet, Gert Schauwers


SYSLOG

SYSLOG is a widely used protocol for collecting log messages from a device so that its behavior can be inspected. By running a SYSLOG server daemon on a PC, you can check the status of every device that is configured to send its messages to that server. Figure 15-1 displays a basic setup of a SYSLOG server and a router.

Figure 15-1. SYSLOG Server

NOTE

More info on SYSLOG can be found in the RFC at the following URL: http://www.ietf.org/rfc/rfc3164.txt.

The router is configured to log all warnings that it generates. Which severity levels are sent to the SYSLOG server depends on the configuration. Levels range from 0 to 7, as shown in Table 15-2.

Table 15-2. Warning Level

Level   Command         Description
0       emergencies     System is unusable.
1       alerts          Immediate action needed.
2       critical        Critical conditions.
3       errors          Error conditions.
4       warnings        Warning conditions.
5       notifications   Normal but significant conditions.
6       informational   Informational messages.
7       debugging       Debugging messages.

The amount of information that is sent to the SYSLOG server depends on the level shown in Table 15-2.

NOTE

The higher the level, the more information is sent to the SYSLOG server. For example, if you choose level 5, level 6 and level 7 are also sent to the server.

Example 15-1 shows how to configure a router to send only warnings.

Example 15-1. Syslog Warnings

RouterA# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
RouterA(config)# logging 150.100.1.242
RouterA(config)# logging trap warnings
RouterA(config)# end
RouterA#

When interface Ethernet0/1 is configured, a message is sent to the SYSLOG server, as you can see in Figure 15-2.

Figure 15-2. SYSLOG Server


When the configuration is changed on the router so that it sends more information to the server, the configuration looks like Example 15-2.

Example 15-2. Syslog Informational

RouterA# conf t
Enter configuration commands, one per line.  End with CNTL/Z.
RouterA(config)# logging 150.100.1.242
RouterA(config)# logging trap informational
RouterA(config)# end
RouterA#

The output of the SYSLOG server also looks different if you repeat the same action on the interface of that router, as shown in Figure 15-3.

Figure 15-3. SYSLOG Server Informational


As you can see in Figure 15-3, there is now more information (two additional messages) sent to the SYSLOG server than when only the warning level was activated.
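As an added illustration (not code from the book), the following Python decodes the PRI field of RFC 3164 datagrams into facility and severity and applies the "logging trap" cut-off from Table 15-2 to a few constructed sample messages; the message texts and the local7 facility are assumptions, not taken from the figures.

```python
import re
from dataclasses import dataclass

# Severity names in Table 15-2 order: RFC 3164 severity 0 is most severe, 7 least.
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# RFC 3164 datagrams start with "<PRI>", where PRI = facility * 8 + severity (0..191).
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)

@dataclass
class SyslogMessage:
    facility: int
    severity: int
    body: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]

def parse_syslog(datagram: str) -> SyslogMessage:
    """Split a raw syslog datagram into facility, severity and the message body."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError(f"malformed PRI header: {datagram[:8]!r}")
    pri = int(m.group(1))
    return SyslogMessage(facility=pri >> 3, severity=pri & 7, body=m.group(2))

def trap_filter(messages, trap_level):
    """Mimic 'logging trap <level>': the router forwards messages at that severity
    and every more severe (numerically lower) one; less severe ones are dropped."""
    if isinstance(trap_level, str):
        trap_level = SEVERITY_NAMES.index(trap_level)
    return [msg for msg in messages if msg.severity <= trap_level]

# Constructed sample datagrams (hypothetical, not the book's figures). Facility 23
# (local7) is assumed, so PRI = 184 + severity. Severities used: 3, 5, 5, 7.
SAMPLE_DATAGRAMS = [
    "<187>45: *Mar  1 00:10:12: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to up",
    "<189>46: *Mar  1 00:10:13: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to up",
    "<189>47: *Mar  1 00:10:20: %SYS-5-CONFIG_I: Configured from console by console",
    "<191>48: *Mar  1 00:10:21: ICMP: echo reply sent, src 150.100.1.1, dst 150.100.1.242",
]

def forwarded_counts():
    """How many sample messages the server receives for each 'logging trap' setting."""
    msgs = [parse_syslog(d) for d in SAMPLE_DATAGRAMS]
    return {name: len(trap_filter(msgs, name)) for name in SEVERITY_NAMES}
```

With these samples, "logging trap warnings" forwards one message and "logging trap informational" forwards three, which mirrors the two additional messages seen in Figure 15-3.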

NOTE

Keep in mind that the more information you send to the server, the more memory you use on the router. Traffic on the network is also increased. It is important to find a good balance among information, memory, and traffic.