Configuring UNIX Syslog Servers

The next sections describe how to configure the UNIX server syslog daemon and define the UNIX system logging facility.

Logging Messages to a UNIX Syslog Daemon

Note

Before you can send system log messages to a UNIX syslog server, you must configure the syslog daemon on a UNIX server. Log in as root, and perform these steps:

Some recent versions of UNIX syslog daemons no longer accept by default syslog packets from the network. If this is the case with your system, use the UNIX man syslogd command to determine what options must be added to or removed from the syslog command line to enable logging of remote syslog messages.

Step 1 Add a line such as the following to the file /etc/syslog.conf:

local7.debug /usr/adm/logs/cisco.log

The local7 keyword specifies the logging facility to be used; see Table 21-4 on page 21-12 for information on the facilities. The debug keyword specifies the syslog level; see Table 21-3 on page 21-9 for information on the severity levels. The syslog daemon sends messages at this level or at a more severe level to the file specified in the next field. The file must already exist, and the syslog daemon must have permission to write to it.

Create the log file by entering these commands at the UNIX shell prompt:

Step 2

$ touch /var/log/ cisco.log $ chmod 666 /var/log/cisco.log

Step 3 Make sure the syslog daemon reads the new changes by entering this command:

For more information, see the man syslog.conf and man syslogd commands on your UNIX system.

Configuring the UNIX System Logging Facility

When sending system log messages to an external device, you can cause the switch to identify its messages as originating from any of the UNIX syslog facilities.

Beginning in privileged EXEC mode, follow these steps to configure UNIX system facility message logging:

Command

Purpose

Step 1 Step 2

configure terminal

Enter global configuration mode.

logging host

Log messages to a UNIX syslog server host by entering its IP address.

To build a list of syslog servers that receive logging messages, enter this command more than once.

Step 3 logging trap level

Limit messages logged to the syslog servers.

Be default, syslog servers receive informational messages and lower. See Table 21-3 on page 21-9 for level keywords.

Command

Purpose

Step 4

logging facility facility-type

Configure the syslog facility. See Table 21-4 on page 21-12 for facility-type keywords.

The default is local7.

Step 5

end

Return to privileged EXEC mode.

Step 6

show running-config

Verify your entries.

Step 7

copy running-config startup-config

(Optional) Save your entries in the configuration file.

To remove a syslog server, use the no logging host global configuration command, and specify the syslog server IP address. To disable logging to syslog servers, enter the no logging trap global configuration command.

Table 21-4 lists the UNIX system facilities supported by the Cisco IOS software. For more information about these facilities, consult the operator's manual for your UNIX operating system.

Table 21-4 Logging Facility-Type Keywords

Facility Type Keyword

Description

auth

Authorization system

cron

Cron facility

daemon

System daemon

kern

Kernel

local0-7

Locally defined messages

lpr

Line printer system

mail

Mail system

news

USENET news

sys9

System use

sys10

System use

sys11

System use

sys12

System use

sys13

System use

sys14

System use

syslog

System log

user

User process

uucp

UNIX-to-UNIX copy system

0 0

Post a comment