Syslog Overview


What is Syslog?

Syslog is a logging mechanism which collects logs about the system and provides them to the system administrator. With this logging mechanism, network management and troubleshooting activities get easier. We can use a Syslog Server to store these logs.


You can also check Cisco Syslog Configuration Example.


Syslog provides log information in different levels. There are 8 levels of syslog. These levels are given below:

  • 0, Emergency
  • 1, Alert
  • 2, Critical
  • 3, Error
  • 4, Warning
  • 5, Notification
  • 6, Informational
  • 7, Debug




These levels show all the critical message for the system beside the normal system messages. The importance of these logs starts from 0. 0 is the most important syslog log. It is emergency. After emergency, other seven logs are ordered. The least important log is debug. Debug syslog message is 7.


Let’s explain syslog levels with an analogy :)




We hope you never get Critical, Alert, Emergency alarms in this case :)



Syslog Message Format

 Syslog messages are sent in a format. This format can a little change in different systems but generally the concept is similar. Below, you can find an example syslog message format:


seq no:timestamp: %facility-severity-MNEMONIC:description


At the beginning of a syslog message, there is a sequence number. Then a time stamp which shows the exact time of the event is used. After that the facility which shows the source of the syslog message is used. Then, severity level is mentioned. As we have mentioned before, there are eight severity levels. One of these levels is used here. After severity, the keyword which defines the syslog message specifically is used as mnemonic. Lastly, a detailed description is used for the event.



How to Display Syslog Message

There are different alternatives to display syslog messages. These are given below:

  • Console lines
  • VTY Lines
  • Buffer
  • SNMP Server
  • External Syslog Server


Console lines show syslog messages during console connection. By default, it displays eight severity levels.


VTY lines show syslog messages during Telnet/SSH connection. By default, it is disabled. To enable it, you should use “terminal monitor” command.


If Buffer is used for syslog message, RAM is used. It is limited. It displays eight levels by default.


SNMP Server can be also a destination for syslog messages. And according to these messages, system can be monitored and proactive engineering can be done.


The best option to store syslog messages is using separate External Syslog Server. Because, after a while, log size can be large and it can cause a memory problem.



Cisco Syslog Configuration

By default, syslog is enabled on Cisco devices. If it is not enables, you can manually enable syslog. To do this, you can use “logging on” command.


Router (config)# logging on


If you would like to disable syslog, you can use “no logging on” command.


Router (config)# no logging on


To configure a Syslog Server as a best practice to store syslog message, you should give the ip address o0f the syslog server. For example, if your syslog server ip address is, you can use “logging” command.


Router (config)# logging


During troubleshooting or daily routine configuration practices, maybe you do not want to see all the severity levels on the logs. So, you can change the severity levels that will be displayed as logs. To do this, you can use “logging trap” command with the desired severity and upper severity layers.


Below, we will set the severity level tom critical. SO, we will see critical, alert and emergency level events in the logs.


Router (config)# logging trap critical


To see the logs on a Cisco router, you can use “show logging” command.


Router # show logging


Logs messages divide your commands if you do not synchronize it. And when it divides your commands, then you can do a wrong configuration. Because, the syslog messages anfd your configuration commands are mixed. So, to avoid this, you should synchronize the logs. with “logging synchronous” command under the line console connection.


Router (config)# line console 0

Router (config-line)# logging synchronous

Router (config-line)# exit


After this configuration, syslog message do not divide your commands during the configuration.


In this lesson, we have explained what is syslog and how to use syslog server on Cisco devices.


Back to: CCNA 200-301 > Network Management

Leave a Reply

Your email address will not be published. Required fields are marked *

CCNA 200-301