Aut inveniam viam aut faciam

v5 Written and Lab: Logging Notes

v5 Written: 6.1.c Implement and troubleshoot logging
6.1.c [i] Local logging, syslog, debug, conditional debug
6.1.c [ii] Timestamps

v5 Lab: 5.1.c Implement and troubleshoot logging
5.1.c [i] Local logging, syslog, debug, conditional debug
5.1.c [ii] Timestamp

Documents:

Basic System Management Configuration Guide, Cisco IOS Release 15M&T, Troubleshooting and Fault Management, Logging System Messages, pgs. 107 – 113

Basic System Management Configuration Guide, Cisco IOS Release 15M&T, Troubleshooting and Fault Management, Enabling Debug Operations, pgs. 120 – 125

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/configuration/15-mt/bsm-15-mt-book.html

Catalyst 3750-X and 3560-X Software Configuration Guide, Release 15.0(1)SE, Chapter 34: Understanding System Message Logging, pgs. 34-1 to 34-17

Catalyst 3750-X and 3560-X Software Configuration Guide, Release 15.0(1)SE,
Chapter 52: Troubleshooting, Using Debug Commands, pgs. 52-20 to 52-22

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/15-0_1_se/configuration/guide/3750xcg.html

Books:

CCIE Routing and Switching Exam Certification Guide 4th Ed; Chapter 5: IP Services, Syslog, pgs. 159 – 160

Routing TCP / IP Volume II; Chapter 9 Router Management, Logging, Syslog, pgs. 744 – 750f

Router-Bits Handbook; Syslog, pgs. 326 – 327

INE:

INE R&S Workbook Vol I
– System Management
– 12.2 – System Management Logging
– 12.3 – Syslog Logging
– 12.4 – Logging Counging and Timestamps
– 12.5 – Logging to Flash Memory
– 12.6 – Configuration Change Notification and Logging
– 12.8 – Logging with Access-Lists

RFC 5424 – The Syslog Protocol

Uses UDP port 514

Logging options:
– Internal buffer: allocates a small part of memory to log messages
– Syslog: send messages to an external device for storing

Tip: Make sure the device is configured for the right date, time, and timezone

Example:

conf t
service timestamps log datetime msec localtime show-timezone
service timestamps debug datetime msec localtime show-timezones
logging
logging trap 6

Message levels:
– Emergancy 0
– Alert 1
– Critical 2
– Error 3
– Warning 4
– Notice 5
– Informational 6
– Debug 7

logging facility
– local 0 – 7

local 7 is the default facility

show logging

Warning: the debug process is assigned a high CPU priority

By default, Cisco routers and switches do not log events to nonvolatile memory;
– can be configured to do so
– logging buffered

Examples:

logging on
logging buffered 8192 debugging
logging console debugging
logging rate-limit console all 1
logging monitor informational

line con 0
logging sysnchronous

logging queue-limit trap 256
logging origin-id string ROUTER4
logging facility local1
logging trap notifications
logging source-interface lo0
logging host 1.1.1.1 transport tcp port 500

service timestamps debug uptime
service timestamps log uptime
service sequence-numbers
logging count

show logging
show logging count

#mkdir flash0:/var
#mkdir flash0:/var/log
#conf t

logging file flash0:/var/log/syslog 32768 notifications
logging on

In IOS 15 M&T, logging to flash changed to:

logging persistent url flash0:/var/log/syslog size 32768 filesize 32768

show logging
more flash0:/var/log/syslog

archive
log config
logging enable
logging size 1000
notify syslog
hidekeys

show archive log config all
show archive log config statistics
show archive log config all provisioning

ip access-list extended LOGGING
permit udp any any eq rip log-input
permit ip any any

int fa0/1
ip access-group LOGGING in

ip access-list logging interval 10
ip access-list lop-update threshold 2

System process –> Logger
– Looks for messages (debug, error, informational) queued via the kernel by other processes and outputs them to the console, and, optionally, to a remote syslog server;

Comments are closed.

This entry was posted on Sunday, June 22nd, 2014 at 3:10 am and is filed under CCIE. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.