Syslog is a standard for logging messages describing important events on network equipment. These events are used for auditing to know what, when, and how the event happened.
The severity levels are for filtering Syslog events according to need. The levels go from 0 to 7:
By default, the router sends all messages to its console port. Therefore, only users connected to the router’s console port can see these messages.
Command to specify the severity level of messages that will appear on the console:
Switch(config)# logging console
The following command is to disable messages from being seen on the console port:
Switch(config)# no logging console
The switch stores log locally in a 4096 bytes buffer. When the buffer fills up, the new messages overwrite the older ones.
The buffer size ranges from 4096 to 2147483647. This value can be modified with the following command:
Switch(config)# logging buffered
Use this command to clear the internal buffer of the switch:
Switch# clear logging Clear logging buffered [confirm]
If you have an external Syslog server, messages can be forwarded with the following command:
Switch(config)# logging host
Configure what type of alarms are to be sent to the Syslog server:
Switch(config)# logging trap
The following command is to redirect messages to our SSH or telnet session:
Switch(config)# terminal monitor
Finally, the following command uses the switch clock as a timestamp for Syslog messages:
Switch(config)# service timestamps log datetime [ localtime] [ show-timezone] [ msec] [ year]
Switch# show logging