01-16-2008 08:11 AM - edited 03-05-2019 08:30 PM
Hello everyone,
I was hoping someone could shed some light on this command for me. I am setting up a syslog server on all the switches (3524xl, 3550-48-SMI switches) and am not sure how to use a command. I've set the IP address of the server, set the service timestamps log (and debug) datetime msec localtime but I am confused on setting the facility command. Right now I have it set for logging facility local3 (seen it on another switch but not sure why it is set to local3). Can someone give a quick definition about the facility? Any recommendations on what it should be?
I've read the default is local7.
Thanks again for all your help,
Matt
01-16-2008 09:59 AM
Facility maps to the level of logging. Here's a link on the levels.
Depending on how much you want to see (the higher you go the more you will see) is where you should set your logging. A good place to start would be 3 or 4 and adjust to fit your needs.
HTH and please rate.
01-16-2008 10:58 AM
That is not correct.
This "logging facility localx" is useless if your syslog server is a Windows machine. Facility is like a file handle in Unix/Linux and it applies only to a syslog server running on Linux/Unix.
Let's say you set "logging facility local3" on your router. Now on your Linux box, you have the following in your /etc/syslog.conf:
local3.* /var/log/cisco.log
What it means is that syslog messages level 6, default, will be sent to the Linux box /var/log/cisco.log file.
By default, a Cisco router will send syslog messages level 6 and higher to the /var/log/cisco.log file. If you want to see only syslog level 4, 3, 2 and 1, you need to do this:
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime
logging trap warnings
Does it make sense?
CCIE Security
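Added example, not part of the original thread: a Python sketch of how the facility and the severity travel together in the `<PRI>` header of each syslog datagram (PRI = facility * 8 + severity), with the trap level filtering on the sender and a syslog.conf-style selector filing on the receiver. The sample messages are constructed, and the helper names (`decode_pri`, `trap_allows`, `selector_matches`, `route`) are hypothetical.

```python
import re

# Severity keywords accepted by IOS "logging trap", indexed by numeric level 0-7.
IOS_LEVELS = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
# Matching syslog.conf priority names, in the same numeric order.
CONF_LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")

def decode_pri(line):
    """Split the <PRI> header into (facility name, severity number)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:          # 191 = local7 (23) * 8 + debug (7)
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    name = f"local{facility - 16}" if 16 <= facility <= 23 else f"facility{facility}"
    return name, severity

def trap_allows(trap_keyword, severity):
    """Sender side: 'logging trap X' forwards level X and anything more severe."""
    return severity <= IOS_LEVELS.index(trap_keyword)

def selector_matches(selector, facility, severity):
    """Receiver side: classic syslog.conf 'facility.priority' selector."""
    sel_fac, sel_pri = selector.split(".")
    if sel_fac not in ("*", facility):
        return False
    return sel_pri == "*" or severity <= CONF_LEVELS.index(sel_pri)

# Constructed sample datagrams (not captured traffic): local3 = 19, local7 = 23.
SAMPLES = [
    "<155>45: Jan 16 10:58:01.120: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up",
    "<157>46: Jan 16 10:58:02.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up",
    "<189>47: Jan 16 10:58:05.300: %SYS-5-CONFIG_I: Configured from console by console",
]

def route(lines, trap_keyword, selector):
    """Return (facility, severity, sent, filed) for each message."""
    out = []
    for line in lines:
        fac, sev = decode_pri(line)
        sent = trap_allows(trap_keyword, sev)    # would the device send it at all?
        out.append((fac, sev, sent, sent and selector_matches(selector, fac, sev)))
    return out

if __name__ == "__main__":
    for row in route(SAMPLES, "warnings", "local3.*"):
        print(row)
```
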
01-16-2008 12:39 PM
So, if I'm understanding this...
I don't even need the logging facility command.
If I use the logging trap command it will send whatever I state and higher warnings. So if I did use logging trap warnings, that would send me the following messages... warnings, error, critical, alert and emergency.
Would that be correct?
Thanks for your input,
Matt
01-16-2008 12:41 PM
Yes that is correct.
01-16-2008 01:42 PM
"logging trap 6" is ON by default on Cisco IOS
devices.
For enterprise environments, we use syslog next-generation (syslog-ng), which runs on Unix/Linux; mine is Gentoo Linux, which works extremely well. You can have ALL your Cisco, Juniper, Checkpoint, Unix devices going to syslog-ng. Syslog-ng has built-in features to parse the log and place these logs in appropriate files for you. In other words, each device will be stored in its own separate file. Furthermore, you can dump the log messages into its separate MySQL tables. The old syslog cannot provide this function unless you write your own Perl script to do it. Everything is built-in with syslog-ng.