What is Syslog?
Syslog (system logging) is a Layer 4 protocol for producing and sending log and event information from Cisco, Unix/Linux, and Windows systems to a centralized log/event message collector called a Syslog server.
Features of Syslog
Below are some important features of Syslog:
- The purpose of Syslog is log and error management
- Syslog belongs to Layer 4 of the OSI model
- Syslog servers listen on UDP port 514 for messages
- Syslog is a client push model
Syslog Logging Locations
The following are the different locations Syslog messages can be sent to:
- Console line: Syslog messages are displayed when you are connected to the device through the console port. Every message from level 0 to level 7 is displayed by default when connected to the CLI via the device's console port
- VTY lines: This is the next location where Syslog messages can be displayed in the CLI, when you are connected to the device through Telnet or SSH. Logging to the VTY lines is disabled by default, so Syslog messages will not be displayed if you connect to the device through Telnet or SSH
- Buffer: In this location, Syslog messages are stored in RAM. All messages from level 0 to level 7 are kept in the buffer by default. To view the messages in the buffer, use the “show logging” command
- External server: The device can also be configured to send Syslog messages to an external server. This is very useful and important both in large networks and small networks. Having a central server for the Syslog messages makes network management and comparing the logs of multiple devices a lot easier
How to enable Syslog on Cisco Switches/Routers
R1(config)#logging host 12.12.12.99 (Enables the Cisco router to send all logs to a Syslog server at 12.12.12.99)
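What the Syslog server on the receiving end has to do with each datagram arriving on UDP port 514, shown as an added Python example that is not part of the original page: decode the level 0 to 7 and reject malformed input, since UDP senders are not authenticated. The `<PRI>` prefix (facility × 8 + level), the severity names and the `%FACILITY-LEVEL-MNEMONIC` tag are not described on the page; the 2048-byte cap, the function name `parse_datagram`, the sample message and the sender address are assumptions or constructed values.

```python
import re

# Names for levels 0-7 (standard syslog numbering, as shown by Cisco IOS).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Every datagram starts with <PRI>, where PRI = facility * 8 + level.
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)
# Cisco-style tag inside the body: %FACILITY-LEVEL-MNEMONIC: text
TAG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):\s*(.*)")

MAX_LEN = 2048  # assumed cap; oversized datagrams are rejected, not truncated


def parse_datagram(data: bytes, sender: str) -> dict:
    """Decode one UDP syslog datagram; raise ValueError on malformed input."""
    if len(data) > MAX_LEN:
        raise ValueError("datagram too large")
    m = PRI_RE.match(data)
    # Facilities run 0-23, so a valid PRI is never above 23 * 8 + 7 = 191.
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    pri = int(m.group(1))
    body = m.group(2).decode("utf-8", errors="replace")
    # Replace control characters so an embedded newline cannot forge log lines.
    body = "".join(c if c.isprintable() else " " for c in body).strip()
    event = {"sender": sender, "facility": pri // 8, "level": pri % 8,
             "severity": SEVERITIES[pri % 8], "mnemonic": None,
             "text": body, "consistent": True}
    tag = TAG_RE.search(body)
    if tag:
        event["mnemonic"] = f"{tag.group(1)}-{tag.group(3)}"
        event["text"] = tag.group(4)
        # The level in the %TAG should agree with the level encoded in PRI.
        event["consistent"] = int(tag.group(2)) == event["level"]
    return event


# Constructed sample datagram: facility local7 (23), level 5 -> PRI 189.
SAMPLE = (b"<189>45: *Mar  1 00:01:23.456: %LINK-5-CHANGED: "
          b"Interface Gi0/1, changed state to administratively down")

if __name__ == "__main__":
    print(parse_datagram(SAMPLE, "12.12.12.1"))  # constructed sender address
```

Events where `consistent` is false, or datagrams that raise `ValueError`, are worth alerting on rather than silently dropping, because they indicate a misbehaving or spoofed sender.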