Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10196
Views
4
Helpful
5
Replies

Logging facility command

mgalla3327
Level 1
Level 1

‎01-16-2008 08:11 AM - edited ‎03-05-2019 08:30 PM

Hello everyone,

I was hoping someone could shed some light on this command for me. I am setting up a syslog server on all the switches ( 3524xl, 3550-48-SMI switches ) and not sure how to use a command. I've set the IP address of the server, set the service timestamps log (and debug) datetime msec localtime but I am confused on setting the facility command. Right now I have it set for logging facility local3 (seen it on another switch but not sure why it is set to local3). Can someone give a quick definition about the facility. Any recommendations on what it should be?

I've read the default is local7.

Thanks again for all your help,

Matt

Labels:
0 Helpful
5 Replies 5

Collin Clark
VIP Alumni
VIP Alumni

‎01-16-2008 09:59 AM

Facility maps to the level of logging. Here's a link on the levels.

http://cisco.com/en/US/docs/switches/lan/catalyst5000/catos/6.x/command/reference/set_m_pa.html#wp1050256

Depending on how much you want to see (the higher you go the more you will see) is where you should set your logging. A good place to start would be 3 or 4 and adjust to fit your needs.

HTH and please rate.

0 Helpful

cisco24x7
Level 6
Level 6
In response to Collin Clark

‎01-16-2008 10:58 AM

That is not correct.

This "logging facility localx" is useless

if you syslog server is a windows machine.

Facility is like a file handle in Unix/Linux

and it applies only to syslog server running

on Linux/Unix.

Let say if you set "logging facility local3"

on your router. Now on your Linux, you have

the following in your /etc/syslog.conf:

local3.* /var/log/cisco.log

What it means is that syslog messages level 6,

default, will be send to the Linux box /var/log/cisco.log file.

By default, cisco router will send syslog message level 6 and higher to the /var/log/cisco.log file. If you want to see

only syslog level 4,3,2 and 1, you need to do this:

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime

logging trap warnings

Does it make sense?

CCIE Security

0 Helpful

mgalla3327
Level 1
Level 1
In response to cisco24x7

‎01-16-2008 12:39 PM

So, if I'm understanding this...

I don't even need the logging facility command.

If I use the logging trap command it will send whatever I state and higher warnings. So If I did use logging trap warnings, that would send me the following messages...warnings, error, critical, alert and emergency.

Would that be correct?

Thanks for your input,

Matt

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to mgalla3327

‎01-16-2008 12:41 PM

Yes that is correct.

0 Helpful

cisco24x7
Level 6
Level 6
In response to Collin Clark

‎01-16-2008 01:42 PM

"logging trap 6" is ON by default on Cisco IOS

devices.

For enterprise environments, we use

syslog next-generation (syslog-ng) which run

on Unix/Linux, mine is Gentoo Linux which works

extremely well. You can all ALL your cisco,

Juniper, Checkpoint, Unix devices going to

to syslog-ng. Syslog-ng has built-in features

to parse the log and place these logs in

appropriate files for you. In other words,

each device will be stored in each own

separate file. Furthermore, you can

dump the log messages into its separate MySQL

tables. The old syslog can not provide

this function unless you write your own

Perl script to do it. Everything is

built-in with syslog-ng.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card