Configuring UNIX Syslog Servers

The next sections describe how to configure the UNIX server syslog daemon and define the UNIX system logging facility.

Logging Messages to a UNIX Syslog Daemon


Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on a UNIX server. Log in as root, and perform these steps:

Some recent versions of UNIX syslog daemons no longer accept by default syslog packets from the network. If this is the case with your system, use the UNIX man syslogd command to determine what options must be added to or removed from the syslog command line to enable logging of remote syslog messages.

Step 1 Add a line such as the following to the file /etc/syslog.conf:

local7.debug /usr/adm/logs/cisco.log

The local7 keyword specifies the logging facility to be used; see Table 21-4 on page 21-12 for information on the facilities. The debug keyword specifies the syslog level; see Table 21-3 on page 21-9 for information on the severity levels. The syslog daemon sends messages at this level or at a more severe level to the file specified in the next field. The file must already exist, and the syslog daemon must have permission to write to it.

Create the log file by entering these commands at the UNIX shell prompt:

Step 2

$ touch /var/log/ cisco.log $ chmod 666 /var/log/cisco.log

Step 3 Make sure the syslog daemon reads the new changes by entering this command:

For more information, see the man syslog.conf and man syslogd commands on your UNIX system.

Configuring the UNIX System Logging Facility

When sending system log messages to an external device, you can cause the switch to identify its messages as originating from any of the UNIX syslog facilities.

Beginning in privileged EXEC mode, follow these steps to configure UNIX system facility message logging:



Step 1 Step 2

configure terminal

Enter global configuration mode.

logging host

Log messages to a UNIX syslog server host by entering its IP address.

To build a list of syslog servers that receive logging messages, enter this command more than once.

Step 3 logging trap level

Limit messages logged to the syslog servers.

Be default, syslog servers receive informational messages and lower. See Table 21-3 on page 21-9 for level keywords.



Step 4

logging facility facility-type

Configure the syslog facility. See Table 21-4 on page 21-12 for facility-type keywords.

The default is local7.

Step 5


Return to privileged EXEC mode.

Step 6

show running-config

Verify your entries.

Step 7

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove a syslog server, use the no logging host global configuration command, and specify the syslog server IP address. To disable logging to syslog servers, enter the no logging trap global configuration command.

Table 21-4 lists the UNIX system facilities supported by the Cisco IOS software. For more information about these facilities, consult the operator's manual for your UNIX operating system.

Table 21-4 Logging Facility-Type Keywords

Facility Type Keyword



Authorization system


Cron facility


System daemon




Locally defined messages


Line printer system


Mail system




System use


System use


System use


System use


System use


System use


System log


User process


UNIX-to-UNIX copy system

0 0

Post a comment