You want to send log messages to a remote syslog server.
Use the following command to send router log messages to a remote syslog server:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging 172.25.1.1
Router(config)#end
Router#
Although specifying the syslog server by its static IP address is the preferred method, you can also specify a hostname to be resolved:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip host nms.oreilly.com 172.25.1.1
Router(config)#logging nms.oreilly.com
Router(config)#end
Router#
With this configuration, the router will attempt to resolve the server name that is provided. If the router cannot resolve the server name via DNS or static host lookup, the entry will fail. For more information about DNS and static hostnames, see Chapter 2.
Forwarding log messages to a remote syslog server has several advantages over just retaining log messages locally on the router. The primary advantage is that messages sent to the server are stored to disk. All other forms of router logging are lost when the router reloads, including vital log messages that occur just before a router crashes due to error.
Another advantage of using a remote syslog server is storage capacity. A router stores logging messages in internal system memory, which severely limits the number of log messages that can be stored. A syslog server, on the other hand, can store days', weeks', or even months' worth of log messages. It is not uncommon for an organization to retain a month or more of archived log messages for later examination.
Finally, being able to view log messages from all of your routers in a single location can be quite useful. Forwarding all router log messages to a common log file can assist in fault isolation, problem resolution, network forensics, and security investigations. In addition, parsing router log files using custom scripts can provide an excellent understanding of network health. Many network management software vendors now include tools to handle syslog messages.
The example below illustrates a router configured with two remote syslog servers:
Router>show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 654 messages logged
    Monitor logging: level debugging, 65 messages logged
    Buffer logging: level debugging, 2 messages logged
    Logging Exception size (4096 bytes)
    Trap logging: level informational, 658 message lines logged
        Logging to 172.25.1.1, 1 message lines logged
        Logging to 172.25.1.3, 1 message lines logged

Log Buffer (4096 bytes):

Router>
The syslog protocol uses UDP port 514, and messages are forwarded asynchronously without acknowledgement from the server. In other words, communications between the router and server flow in a single direction with the server acting as a passive receiver.
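As an added example (not code from the original recipe), the following Python sketch shows the kind of custom script mentioned above: it parses the payload of each UDP datagram a syslog server receives from a router, decodes the priority value, and counts messages of severity warnings or worse per router. The sample datagrams, the router addresses 172.25.1.5 and 172.25.1.7, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Syslog severity names as IOS displays them (0 is the most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# <PRI> header, optional counter/timestamp, then %FACILITY-SEVERITY-MNEMONIC: text
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?"
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): ?(?P<text>.*)$")

def parse(datagram, source):
    """Parse one datagram payload received from `source`; None if malformed."""
    m = LINE_RE.match(datagram.strip())
    # PRI = syslog facility * 8 + severity, and facilities run 0-23.
    if not m or int(m["pri"]) > 191:
        return None
    return {
        "router": source,
        "syslog_facility": int(m["pri"]) // 8,   # 23 is local7
        "ios_facility": m["fac"],
        "severity": int(m["sev"]),
        "severity_name": SEVERITIES[int(m["sev"])],
        "mnemonic": m["mnem"],
        "text": m["text"],
    }

def summarize(records, threshold=4):
    """Count messages at `threshold` severity or worse, per router and message type."""
    counts = Counter()
    for r in records:
        if r and r["severity"] <= threshold:
            tag = f'{r["ios_facility"]}-{r["severity"]}-{r["mnemonic"]}'
            counts[(r["router"], tag)] += 1
    return counts

# Constructed sample input: (source address, datagram payload) pairs.
SAMPLE = [
    ("172.25.1.5", "<189>23: *Mar  1 00:04:12: %SYS-5-CONFIG_I: Configured from console by console"),
    ("172.25.1.5", "<187>24: *Mar  1 00:05:01: %LINK-3-UPDOWN: Interface Serial0/0, changed state to down"),
    ("172.25.1.7", "<187>11: *Mar  1 00:05:02: %LINK-3-UPDOWN: Interface Serial0/1, changed state to down"),
    ("172.25.1.5", "<187>25: *Mar  1 00:06:40: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up"),
    ("172.25.1.7", "not a syslog line"),
]

if __name__ == "__main__":
    for key, n in summarize(parse(d, s) for s, d in SAMPLE).items():
        print(key, n)
```

Because the datagrams are unacknowledged, a script like this sees only what arrived; anything dropped in transit is simply absent from the counts.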
Recipe 18.6; Recipe 18.9; Recipe 18.14