Hi. Could you tell me what are the necessary items to log using cisco devices. My concern is basically limiting the log size but still identify config changes and who was the last one who logged in and i guess critical errors on the switch/router.
Thanks in advance.
On Cisco IOS devices you can set the severity level of messages generated for syslog. By setting the severity level to critical you would limit the volume of messages generated and receive the most critical event messages. If you set the severity level to warning or informational you would get a larger volume of messages and messages about a wider variety of things on the device.
You might consider setting the severity level to a more restrictive level for messages sent to an external syslog server where the volume of messages impacts the requirement for disk space to store the messages and set the severity level to something more inclusive for logging buffered where the messages are stored in a wrap around buffer and the volume of messages does not impact storage requirements. This would allow you to see more messages if there were some event that you need to investigate on the device.
Note that while there is a recent feature in IOS that allows writing messages in syslog when someone logs into the device there is not any mechanism for recording config changes in syslog. Recording config changes and login history is better accomplished by using the accounting funtion of AAA in IOS.