Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

Logging facility command

Hello everyone,

I was hoping someone could shed some light on this command for me. I am setting up a syslog server on all the switches ( 3524xl, 3550-48-SMI switches ) and not sure how to use a command. I've set the IP address of the server, set the service timestamps log (and debug) datetime msec localtime but I am confused on setting the facility command. Right now I have it set for logging facility local3 (seen it on another switch but not sure why it is set to local3). Can someone give a quick definition about the facility. Any recommendations on what it should be?

I've read the default is local7.

Thanks again for all your help,

Matt

5 REPLIES

Re: Logging facility command

Facility maps to the level of logging. Here's a link on the levels.

http://cisco.com/en/US/docs/switches/lan/catalyst5000/catos/6.x/command/reference/set_m_pa.html#wp1050256

Depending on how much you want to see (the higher you go the more you will see) is where you should set your logging. A good place to start would be 3 or 4 and adjust to fit your needs.

HTH and please rate.

Silver

Re: Logging facility command

That is not correct.

This "logging facility localx" is useless

if you syslog server is a windows machine.

Facility is like a file handle in Unix/Linux

and it applies only to syslog server running

on Linux/Unix.

Let say if you set "logging facility local3"

on your router. Now on your Linux, you have

the following in your /etc/syslog.conf:

local3.* /var/log/cisco.log

What it means is that syslog messages level 6,

default, will be send to the Linux box /var/log/cisco.log file.

By default, cisco router will send syslog message level 6 and higher to the /var/log/cisco.log file. If you want to see

only syslog level 4,3,2 and 1, you need to do this:

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime

logging trap warnings

Does it make sense?

CCIE Security

New Member

Re: Logging facility command

So, if I'm understanding this...

I don't even need the logging facility command.

If I use the logging trap command it will send whatever I state and higher warnings. So If I did use logging trap warnings, that would send me the following messages...warnings, error, critical, alert and emergency.

Would that be correct?

Thanks for your input,

Matt

Re: Logging facility command

Yes that is correct.

Silver

Re: Logging facility command

"logging trap 6" is ON by default on Cisco IOS

devices.

For enterprise environments, we use

syslog next-generation (syslog-ng) which run

on Unix/Linux, mine is Gentoo Linux which works

extremely well. You can all ALL your cisco,

Juniper, Checkpoint, Unix devices going to

to syslog-ng. Syslog-ng has built-in features

to parse the log and place these logs in

appropriate files for you. In other words,

each device will be stored in each own

separate file. Furthermore, you can

dump the log messages into its separate MySQL

tables. The old syslog can not provide

this function unless you write your own

Perl script to do it. Everything is

built-in with syslog-ng.

4128
Views
4
Helpful
5
Replies
CreatePlease to create content