In this article I describe the Syslog of Cisco Router for CCNA exam. Syslog of Cisco Router are the events log which are captured for troubleshooting and other information of router. We can say Syslog of Cisco Router are the record of events occur in the operation of router functionality. The Syslog generally known as system log. Syslog of Cisco Router is a RFC 5424 standard protocol which collects the data of events happens in a router.
Syslog used for servers, computers, network devices and IOT devices. We concern about network devices like switch and routers. Syslog of Cisco Router are helpful to get information about device performance, health etc. The Syslog of Cisco router are helpful for troubleshooting and maintenance of router. In case of any fault occurs in the router the Syslog of Cisco Router can be used as reference logs for troubleshooting. I describe the Syslog of Cisco Router alongwith types of memory used by the router.
RAM
RAM is an acronym that stands for Random Access Memory. RAM of a router works like RAM of a computer. RAM is a volatile memory so it needs power all time. Router loads the IOS and the configuration file in RAM when the router is power on or reboot. It store the data like routing table and running config files. Data transfer speed of RAM of router is very fast. The running configuration remain save in the RAM or router until the power is available. Later these settings can be copied to start up configuration for future use. RAM stores data in power on condition of router. All data in RAM erased automatically if router is power off. The size of RAM in router is generally in MB. The size may be 16 MB, 32 MB.
RAM of a router keep the running configuration file, routing table and other information related to the interfaces of the router. When we works on CLI of a router actually we are working in the RAM of router. To take the back up configuration of Router, We need to copy the running configuration into startup configuration to save the current settings of the router. The startup configuration saved in the NVRAM which can be used later after rebooting the router.
ROM
ROM is acronym that stands for Read Only Memory. Data on ROM is write once only. After writing the data on ROM router can read the data but can not change it. ROM stores the bootstrap of IOS which is responsible to boot the router. Bootstrap find the IOS image file and run the IOS in RAM of router. ROM keep the instructions for POST process when router is power ON. ROM is chip on motherboard and it is programmed once only.
ROM is just like the BIOS system of the computer. The booting process starts from the ROM of the router. ROM is a non volatile memory which does not require any power all the time to keep save the information in it. We can not do any changes in the ROM of a router. The settings of ROM configured by the firm so it is generally known as a firmware. The another internal component of router is NVRAM which is very similar to the ROM.
NVRAM
NVRAM keep the startup configuration file which is a backup copy of the running configuration. For back up configuration of Router we need to copy the running configuration to the startup configuration. Every time when the router power on the settings of startup configuration loaded into the RAM of the router. NVRAM is also a non volatile memory similar to ROM. In switches NVRAM stores the information of VLANs. When we configure VLAN in a switch the VLAN configuration saved into the NVRAM memory of the switch. NVRAM stands for Nonvolatile Random Access Memory.
NVRAM is like RAM but it is non volatile memory. It means NVRAM stores the data after power of the router. NVRAM stores the startup config file. Startup config file contains the routing table and other configuration which was copied from a running config file. The difference between NVRAM and ROM is that the content of ROM can not be changed but the content of NVRAM is changeable. When router is power on it search the startup config file in NVRAM only.
Flash Memory
Flash memory is a kind of EEPROM. EEPROM stands for Electrically Erasable Programmable Read-Only Memory. The content of Flash memory can not be change like ROM. Flash memory stores the IOS image. The data of Flash memory remain unchanged when the router is reboot or power off. We can say the operating system of router IOS saved in the flash memory. Every time when a router is power on the IOS loaded into the RAM from the Flash memory. The IOS checks all the interface of router when loaded first time in the RAM. To know all the functions or internal component of router you can read the full article related to booting sequence here.
Syslog Servers
A syslog server configured in LAN to store the syslog of networking devices. Syslog servers save the consolidate logs from various sources into a single server. The devices are switches, routers and firewalls. Network devices send event messages to syslog server. When a user logging in router the event generated. Logging event save the logging details like time of logging, duration of logging etc. Generally the device itself save the event log. In a large network we use a separate syslog server. The Syslog server collects the data on UDP port 514 or TCP port 1468. syslog servers stores the event data in database application which make it easy to maintain and easy retrieval of data.
Syslog server generate alerts, notifications and alarm for different type of logs. the Syslog provide the information of critical situations, normal situation to the administrator so the issue can be resolve easily.
Syslog of Cisco router
The Syslog of Cisco router generated to inform about any event in network at a particular time. These log message stored in syslog server. Any time we can see these log messages for troubleshooting in network. Cisco network devices configured to generate syslog and forward them to syslog servers. The main four examples to collect messages from Cisco Router are shown in below image.
All system messages and event logs generated by IOS go out to console port by default and logged in RAM also. These message also send to VTY lines by using some commands.
Syslog message construction
Syslog of Cisco router consist many configuration messages in it. The very first thing is sequence number stamp. Sequence message number indicates the syslog sequence according to time. The second section of syslog is timestamp data which tells about the time of syslog generated. The third part of syslog is facility which tells syslog is belongs to which function. The fourth part is description which provides the detailed information about the syslog. Description tell what happens at that time and what is the reason behind the syslog generated. For example login failure is description.
Severity of syslog of cisco router
Severity of syslog of Cisco router is a single digit code in octate format. Octate format means the severity digit is from 0 to 7 number. The severity level are described in the below table
Severity level can be configured to display the message. For example for emergency syslog you have to configure the severity level 0. if you set the severity level 3 you will got the notification from 0 to 3 all. For setting severity level 3 you will got emergency, alert, critical and error. It means that if you set the severity level 7 you will got all notifications of syslog generated. It is all upto you what do you want to configure the severity of Cisco device.
Configuration the syslog of Cisco Router
Now you know that the Cisco Router send the event message according to severity level. The event syslog go to buffer memory and RAM. We can set these settings manually by using the following commands
Router> Router>en Router#config t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#hostname ccnatutorials ccnatutorials(config)#logging ? A.B.C.D IP address of the logging host buffered Set buffered logging parameters console Set console logging parameters host Set syslog server IP address and parameters on Enable logging to all enabled destinations trap Set syslog server logging level userinfo Enable logging of user info on privileged mode enabling ccnatutorials(config)#logging buffer ccnatutorials(config)#logging console ccnatutorials(config)#
We can see that the above command accepted by the router successfully. After running above command the event log syslog will come to console port and buffer. You can disable this setting by running below command
ccnatutorials(config)#no logging buffer ccnatutorials(config)#no logging console
We can see the event syslog of Cisco router by running below commands. These commands will execute in privilege command mode only.see the below example
ccnatutorials#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: disabled
Monitor logging: level debugging, 2 messages logged, xml disabled,
filtering disabled
Buffer logging: disabled, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
ESM: 0 messages dropped
Trap logging: level informational, 3 message lines logged
ccnatutorials#
It is all about we set the router logging settings. What if we want to set up a syslog sever particular. Here suppose we have set a syslog server for network devices. By running below command we can sett the destination for all the syslog of router. Here we take the server IP address 192.168.23.100 and running the below command in global configuration command mode.
ccnatutorials(config)#logging 192.168.23.100
Additional configuration for syslog of Cisco Router.To check the severity of logging event we have to run the following command
ccnatutorials(config)#logging trap ? debugging Debugging messages (severity=7) <cr> ccnatutorials(config)#
In this article the main thing is severity for ccna exam. You have to take attention on the various level of severity. I hope you found this article helpful. For any query or suggestion on this article you may contact us or drop a comment below. Your suggestions are always welcome by us.
