syslog messages

Answered Question
Jun 24th, 2009

Hi every body!

My book says syslog messages are sent to console automatically. Any remote user(telnet/ssh) can view log messages by simply using the" terminal monitor" command.

My question is if i telnet into router and " terminal monitor" command is not configured,further more one of the interface goes down, will syslog messages appear on my ( telnet/ssh) computer( telnet client)?

My understanding is syslog messages generated as a result of " debug" commands will not be sent to telnet lines unless we configure " terminal monitor" command. other syslog messages resulted for example when the int goes down, are sent to telnet lines.

Any correction will be appreciated.

thanks a lot!

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 7 years 6 months ago

Hello Edison,

2)

I think that is 0 up to specified level because lower number is more important/more impact

at least on cisco routers

Hope to help

Giuseppe

Correct Answer by Edison Ortiz about 7 years 6 months ago

2)

No, it will cover severity 6 and up.

If you use Emergency (0), it will cover all of them 0 - 7.

3)

That command is for controlling what messages are sent to the console in order to avoid a console being stuck due to overflow of messages (DoS).

4)

The command you described before will do this for you.

http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_09.html#wp1057753

As you stated, the default is 'all messages'.

5) It's written to memory, not a filesystem. To view log messages, type 'show log'.

HTH,

__

Edison.

Correct Answer by Giuseppe Larosa about 7 years 6 months ago

Hello Sarah,

this is something you can test in your home lab.

terminal monitor copies on the vty session (telnet or ssh) what is sent to the console.

As Toshi notes there are other commands that tell what type of messages to send to a syslog destination.

so if you use

logging console informational

terminal monitor

and you have any debug for example of RIP you don't see lines from the debug

if you use

logging console debugging

you start to see on the same vty the debug messages

Notice that for the router sending all these syslog messages on the vty is an heavy task.

There are scenarios where to collect log messages on a syslog server we need to completely disable console logging otherwise the cpu is too high.

Hope to help

Giuseppe

Correct Answer by thotsaphon about 7 years 6 months ago

Zeeshan,

You need to add "terminal monitor" command to see logging messages when you login to the router via telnet. Otherwise you won't see anything. Not just debugging level,all of severity levels will be showed as well if you had "logging console debug" on.

HTH,

Toshi

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (4 ratings)
Loading.
Correct Answer
thotsaphon Wed, 06/24/2009 - 20:26

Zeeshan,

You need to add "terminal monitor" command to see logging messages when you login to the router via telnet. Otherwise you won't see anything. Not just debugging level,all of severity levels will be showed as well if you had "logging console debug" on.

HTH,

Toshi

sarahr202 Wed, 06/24/2009 - 21:25

Hi Toshi.

thanks for your reply.

so in order to receive syslog messages via telnet, we need two commands:

terminal monitor

logging console debug

will the command" terminal monitor" not suffice? because my book says the command " terminal monitor" will cause router/switch to send syslog message via telnet. The book does not indicate anything about the other comman' logging console debug"

thanks !

Correct Answer
Giuseppe Larosa Wed, 06/24/2009 - 21:51

Hello Sarah,

this is something you can test in your home lab.

terminal monitor copies on the vty session (telnet or ssh) what is sent to the console.

As Toshi notes there are other commands that tell what type of messages to send to a syslog destination.

so if you use

logging console informational

terminal monitor

and you have any debug for example of RIP you don't see lines from the debug

if you use

logging console debugging

you start to see on the same vty the debug messages

Notice that for the router sending all these syslog messages on the vty is an heavy task.

There are scenarios where to collect log messages on a syslog server we need to completely disable console logging otherwise the cpu is too high.

Hope to help

Giuseppe

sarahr202 Thu, 06/25/2009 - 08:06

Thanks giuseppe.

Few more questions based on your reply and some research i did.

http://www.ciscopress.com/articles/article.asp?p=426638

The following link describes the syslog protocol. Though the link did not describe how the seveirty level corresponds with integer value 1.e does higher the integer mean higher the severity etc. But it appears to me lesser the integer value , higher the severity. For example:

0 Emergency: System is unusable.

1 Alert: Action must be taken immediately.

3 Critical: Critical conditions.

========================================

2) if i configure;

logging console informational

This command will instruct the router/switch to send syslog messages with severity level upto informational,that is syslog messages with severity level 0 through 6.

Am i correct?

3)the command "logging console informational" is only valid for vty lines , that is it controls what severity level of syslog messages should be sent to vty lines. It has no bearing on console line.

4)By default, all syslog messages( all severity levels) are sent to console. is there any way we can control syslog messages with particular severity level be sent to console .

5)how can we view the file that store the syslog messages locally?

Thanks a lot and have a nice day!

Correct Answer
Edison Ortiz Thu, 06/25/2009 - 08:12

2)

No, it will cover severity 6 and up.

If you use Emergency (0), it will cover all of them 0 - 7.

3)

That command is for controlling what messages are sent to the console in order to avoid a console being stuck due to overflow of messages (DoS).

4)

The command you described before will do this for you.

http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_09.html#wp1057753

As you stated, the default is 'all messages'.

5) It's written to memory, not a filesystem. To view log messages, type 'show log'.

HTH,

__

Edison.

Correct Answer
Giuseppe Larosa Thu, 06/25/2009 - 08:45

Hello Edison,

2)

I think that is 0 up to specified level because lower number is more important/more impact

at least on cisco routers

Hope to help

Giuseppe

Edison Ortiz Thu, 06/25/2009 - 09:08

Guiseppe,

Stand corrected, not sure what I was thinking.

The lower the level you set on the logging, the less noise you get on the service.

Sarah, setting Level 0 will only create a logging output for that level 0. Setting Level 1 will create a logging output for Level 0 and 1. Sorry for the erroneous post.

Thanks for catching that.

sarahr202 Thu, 06/25/2009 - 08:57

Thanks Edison.

I quoted you below for easy reference.

"2)

No, it will cover severity 6 and up.

If you use Emergency (0), it will cover all of them 0 - 7."

But the link you forwarded says;

"The following example shows how to change the level of messages sent to the console terminal (TTY lines) to alerts, meaning that messages at levels 0 and 1 are sent:

Router(config)# logging console alerts "

==================================

Thanks Edison.

Actions

This Discussion