Whenever we teach our Hands-On courses, we always have a section of the course that discusses troubleshooting the network or technology the class is learning. A key part of troubleshooting any network is knowing the technology, no argument. But even the masters of technologies like Multicasting, or IP Networking, or MPLS, still can benefit from having a record of the events that led up to a given point in time, or provide us with a sequence of steps that may have relevance with regard to what has to be corrected or modified during the troubleshooting process.
Cisco IOS supports this ability via its Logging function. Even so, few network operators or network administrators properly configure and utilize logging to their advantage.
The good news is it is simple to use. Also, it is fairly feature rich. So let’s look at how you configure and utilize Cisco Logging. The “logging” command itself can be found in global configuration mode. The ‘show logging’ command can be used in priviledged mode only.
To start, look at the logging command. The options are displayed below:
cell_router(config)# logging ?
Hostname or A.B.C.D IP address of the logging host
buffered Set buffered logging parameters
buginf Enable buginf logging for debugging
cns-events Set CNS Event logging level
console Set console logging parameters
count Count every log message and timestamp last occurrence
exception Limit size of exception flush output
facility Facility parameter for syslog messages
history Configure syslog history table
host Set syslog server IP address and parameters
monitor Set terminal line (monitor) logging parameters
on Enable logging to all supported destinations
origin-id Add origin ID to syslog messages
rate-limit Set messages per second limit
reload Set reload logging level
server-arp Enable sending ARP requests for syslog servers when
first configured
source-interface Specify interface for source address in
logging transactions
trap Set syslog server logging level
userinfo Enable logging of user info on privileged mode enabling
Here are a few key tips on using logging:
The Cisco IOS enables logging to the console, monitor, and syslog by default. But there’s a catch: There’s no syslog host configured, so that output goes nowhere. There are eight different logging levels:
- 0-emergencies
- 1-alerts
- 2-critical
- 3-errors
- 4-warnings
- 5-notification
- 6-informational
- 7-debugging
The default level for console, monitor, and syslog is debugging. The ‘logging on’ command is the default. To disable all logging, use the ‘no logging on’ command. By default, the router logs anything at the level of debugging and greater. That means that logging occurs from level 7 (debugging) up to level 0 (emergencies). If you want to par down what the system logs, use something like the ‘logging console notifications’ command. In addition, the router doesn’t enable logging to the system buffer by default. That’s why you must use the ‘logging buffered’ command to enable it.
You can configure the router to send buffered logging of its events to the memory. (Rebooting the router will lose all events stored in the buffered log.) Here’s an example:
cell_router(config)# logging buffered 16384
You can also send the router’s events to a syslog server. This is an external server running on your network running on a Linux or Windows server. Because it’s external to the router, using a syslog server provides for centralized logging for all network devices and preserves events even if the router loses power. To configure syslog logging, all you need to do is use the logging command and the hostname or IP address of the syslog server. So, to configure your Cisco device to use a syslog server, use the following command:
cell_router(config)# logging 192.168.10.1 <— where the IP Address is the Server IP
To view the status of your logging as well as the local buffered log, use the show logging command. Here’s an example:
cell_router# show logging
Syslog logging: enabled (0 messages dropped, 207 messages rate-limited,
35 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level debugging, 1693825 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 436 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 1693825 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Trap logging: level debugging, 2103254 message lines logged
Logging to 192.168.10.1, 2103254 message lines logged, xml disabled,
filtering disabled
Log Buffer (10000000 bytes):
Note that this router has enabled syslog logging and is sending it to host 192.168.10.1. In addition, console logging is at the debugging level, and the setting for local buffered logging is 10,000,000 bytes.
The following are common issues with logging and their fixes:
Not setting the terminal to monitor logging
If you Telnet into a router and can’t see some of the logging you’re expecting, check to see if you’ve set your terminal to monitor the logging. You can enable this with the terminal monitor command. To disable it, use the terminal no monitor command. To determine whether you’ve enabled monitoring, use the show terminal command, and look for the following:
Capabilities: Receives Logging Output
If you see this, you’re monitoring logging output. If it returns None for capabilities, then the monitoring is off.
Using the incorrect logging level
If you can’t see logging output, you should also check whether you’ve set the level correctly. For example, if you’ve set the console logging to emergencies but you’re running debugging, you won’t see any debugging output on the console. To determine the set level, use the show logging command. Keep in mind that you need to set the level to a higher number to see all levels below it. For example, setting logging at debugging shows you every other level. In addition, make sure you match the type of logging that you want to see with the level you’re configuring. If you configure monitor logging to debug but you’re on the console and you’ve set it to informational, you won’t see the debug output on the console.
Displaying the incorrect time and date in logs
You may see log messages that don’t exhibit the correct date and time. There are a variety of options to control the date and time that appear on logging output (either to the screen or to the buffer). To control this, use the following command:
cell_router(config)# service timestamps debug ?
datetime Timestamp with date and time
uptime Timestamp with system uptime
We hope this helps you master logging.