syslog messages

Answered Question
Jun 24th, 2009

Hi everybody!


My book says syslog messages are sent to the console automatically. Any remote user (telnet/ssh) can view log messages by simply using the "terminal monitor" command.

My question is: if I telnet into a router and the "terminal monitor" command is not configured, and furthermore one of the interfaces goes down, will syslog messages appear on my (telnet/ssh) computer (telnet client)?



My understanding is that syslog messages generated as a result of "debug" commands will not be sent to telnet lines unless we configure the "terminal monitor" command. Other syslog messages, resulting for example when the int goes down, are sent to telnet lines.


Any correction will be appreciated.

Thanks a lot!


Correct Answer
thotsaphon Wed, 06/24/2009 - 20:26

Zeeshan,

You need to add the "terminal monitor" command to see logging messages when you log in to the router via telnet. Otherwise you won't see anything. Not just the debugging level; all severity levels will be shown as well if you had "logging console debug" on.


HTH,

Toshi

sarahr202 Wed, 06/24/2009 - 21:25

Hi Toshi.

Thanks for your reply.

So in order to receive syslog messages via telnet, we need two commands:

terminal monitor

logging console debug


Will the command "terminal monitor" not suffice? Because my book says the command "terminal monitor" will cause the router/switch to send syslog messages via telnet. The book does not indicate anything about the other command, "logging console debug".


Thanks!

Correct Answer
Giuseppe Larosa Wed, 06/24/2009 - 21:51

Hello Sarah,

This is something you can test in your home lab.

terminal monitor copies to the vty session (telnet or ssh) what is sent to the console.


As Toshi notes, there are other commands that tell what type of messages to send to a syslog destination.


So if you use

logging console informational


terminal monitor


and you have any debug, for example of RIP, you don't see lines from the debug.


If you use

logging console debugging


you start to see the debug messages on the same vty.


Notice that for the router, sending all these syslog messages on the vty is a heavy task.


There are scenarios where, to collect log messages on a syslog server, we need to completely disable console logging, otherwise the CPU is too high.


Hope to help

Giuseppe


sarahr202 Thu, 06/25/2009 - 08:06

Thanks Giuseppe.


A few more questions based on your reply and some research I did.


http://www.ciscopress.com/articles/article.asp?p=426638


The following link describes the syslog protocol, though the link did not describe how the severity level corresponds to the integer value, i.e. does a higher integer mean a higher severity, etc. But it appears to me that the lower the integer value, the higher the severity. For example:



0 Emergency: System is unusable.



1 Alert: Action must be taken immediately.




3 Critical: Critical conditions.

========================================





2) If I configure:

logging console informational


This command will instruct the router/switch to send syslog messages with severity level up to informational, that is, syslog messages with severity level 0 through 6.


Am I correct?



3) The command "logging console informational" is only valid for vty lines, that is, it controls what severity level of syslog messages should be sent to vty lines. It has no bearing on the console line.


4) By default, all syslog messages (all severity levels) are sent to the console. Is there any way we can control which syslog messages with a particular severity level are sent to the console?


5) How can we view the file that stores the syslog messages locally?

Thanks a lot and have a nice day!


Correct Answer
Edison Ortiz Thu, 06/25/2009 - 08:12

2)


No, it will cover severity 6 and up.

If you use Emergency (0), it will cover all of them 0 - 7.


3)

That command is for controlling what messages are sent to the console in order to avoid a console being stuck due to overflow of messages (DoS).


4)

The command you described before will do this for you.


http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_09.html#wp1057753


As you stated, the default is 'all messages'.


5) It's written to memory, not a filesystem. To view log messages, type 'show log'.


HTH,


__


Edison.

Correct Answer
Giuseppe Larosa Thu, 06/25/2009 - 08:45

Hello Edison,


2)

I think that it is 0 up to the specified level, because a lower number is more important/has more impact,


at least on Cisco routers.


Hope to help

Giuseppe


Edison Ortiz Thu, 06/25/2009 - 09:08

Giuseppe,


Stand corrected, not sure what I was thinking.


The lower the level you set on the logging, the less noise you get on the service.


Sarah, setting Level 0 will only create a logging output for that level 0. Setting Level 1 will create a logging output for Level 0 and 1. Sorry for the erroneous post.



Thanks for catching that.
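
The rule the thread settles on (a configured level N passes severities 0 through N), as an added example that is not part of any post: a small Python model of the `logging console <level>` threshold. The sample lines are constructed, the `%FACILITY-SEVERITY-MNEMONIC:` header is the assumed message format, and counting un-headered debug output as severity 7 is an assumption of the model.

```python
import re

# IOS severity keywords; list index = numeric level (0 is the most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Message header assumed here: %FACILITY-SEVERITY-MNEMONIC:
HEADER = re.compile(r"%[A-Z0-9_]+-([0-7])-[A-Z0-9_]+:")

def level_number(level):
    """Map a keyword, a unique keyword prefix ('debug') or 0-7 to a number."""
    text = str(level).strip().lower()
    if text in {str(n) for n in range(8)}:
        return int(text)
    hits = [n for n, name in enumerate(LEVELS) if text and name.startswith(text)]
    if len(hits) != 1:
        raise ValueError(f"unknown or ambiguous level: {level!r}")
    return hits[0]

def severity_of(line):
    """Severity digit from the header; lines without one count as 7."""
    match = HEADER.search(line)
    # Assumption of this model: raw debug output has no header and is level 7.
    return int(match.group(1)) if match else 7

def displayed(lines, configured_level):
    """Lines that pass 'logging console <configured_level>': severity 0..N."""
    limit = level_number(configured_level)
    return [line for line in lines if severity_of(line) <= limit]

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    "%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "%SYS-5-CONFIG_I: Configured from console by vty0 (192.0.2.50)",
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.10 started",
    "RIP: sending v2 update to 224.0.0.9 via FastEthernet0/0 (192.0.2.1)",
]

if __name__ == "__main__":
    for level in ("alerts", "errors", "informational", "debug"):
        shown = displayed(SAMPLE, level)
        print(f"logging console {level}: {len(shown)} of {len(SAMPLE)} lines shown")
```
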



sarahr202 Thu, 06/25/2009 - 08:57

Thanks Edison.

I quoted you below for easy reference.



"2)


No, it will cover severity 6 and up.

If you use Emergency (0), it will cover all of them 0 - 7."



But the link you forwarded says:


"The following example shows how to change the level of messages sent to the console terminal (TTY lines) to alerts, meaning that messages at levels 0 and 1 are sent:


Router(config)# logging console alerts"


==================================


Thanks Edison.

