🖥️

Syslog Configuration on Cisco Devices

Jul 3, 2025

View transcript

Overview

This lecture covers Syslog configuration on Cisco devices using Packet Tracer and Boson NetSim, focusing on console, VTY, buffer, and external Syslog server logging.

Syslog Basics and Packet Tracer Lab

  • Syslog is used to record system log messages from network devices.
  • On Cisco devices, Syslog messages display by default on the console line.
  • Shutting down an interface generates two Syslog messages: one for the interface's administrative status and one for the protocol status.
  • Default severity level for these messages is level 5 (notice/notification).
  • Syslog messages may lack timestamps unless service timestamps log datetime msec is enabled.
  • Accurate device time is important for reliable log timestamps.

VTY Lines and Logging

  • Telnet connections use VTY lines, which do not display Syslog messages by default.
  • To enable log messages in a Telnet session, use the terminal monitor command.
  • The terminal monitor command only affects the current session.

Logging to Buffer and Syslog Server

  • Buffer logging is disabled by default on some routers in Packet Tracer.
  • Enable buffer logging with logging buffered <size>.
  • Default buffer logging level is debugging (shows all messages).
  • To send logs to an external Syslog server, use logging <IP address>.
  • Set Syslog server severity level using logging trap debugging.

Boson NetSim Lab Demo (ENCOR/CCNP)

  • Configure devices to ping and send Syslog messages to the Syslog server.
  • logging <IP address> or logging host <IP address> both configure Syslog server destination.
  • There are 8 Syslog severity levels (0–7), lower numbers indicate higher severity.
  • Limiting log messages to level 1 (alerts) shows fewer messages than level 7 (debugging).
  • Set device to log only warnings or higher using logging trap warnings.
  • Configuration is verified with show logging.

Key Terms & Definitions

  • Syslog — A protocol for logging system messages from network devices.
  • Severity Level — Numeric value (0–7) indicating the importance of Syslog messages; lower numbers are more critical.
  • Console Line — Direct device connection showing messages by default.
  • VTY Lines — Virtual terminal lines for remote access (e.g., Telnet, SSH).
  • Buffer Logging — Stores log messages in device memory.
  • Syslog Server — External server receiving log messages from network devices.

Action Items / Next Steps

  • Practice Syslog configuration in Packet Tracer or Boson NetSim.
  • Review Telnet/SSH configurations for remote access.
  • Ensure accurate time settings on your network devices for timestamped logging.

Full transcript