Syslog

SYSLOG

• Logging standard
• 3 components to logging
  • Application
  • Syslog
  • Logging database
• UDP 514
• Can use TCP/SSL

SYSLOG Formating

• Messages contain a facility
  • Type of device
• Messages contain a severity
  • Criticallity of message
• Unique syslog IDs

Example:

Oct 31 04:20:13: %OSPF-5-ADJCHG:Process 12, Nbr 172.28.28.1 on Serial 0/0 from FULL to DOWN, Neighbor Down: Dead timer expired Oct 31 04:20:13: %OSPF-5-ADJCHG: Process 12, Nbr 172.28.28.1 on ...

SYSLOG Severity Levels

0. Emergency
1. Alert
2. Critical
3. Error
4. Warning
5. Notice
6. Informational
7. Debug

• 8 levels of severity
• When you are managing network equipment, if you are looking through the events, and you do not want that particular message anymore, you can disable the message all together or you can change its severity level
  • If particular vendor rates this at a level that you think its to severe, you can move it for example to level 4 up to level 6.