Complete these instructions to configure IOS devices. In order to ensure that logging is enabled, issue the logging on command. In order to specify the Essentials server that is to receive the router syslog messages, issue the logging ip_address command. ip_address is the address of the server that collects the syslog messages. In order to limit the types of messages that can be logged to the Essentials server, set the appropriate logging trap level with the logging trap informational command. The informational portion of the command signifies severity level 6. This means all messages from level 0-5 (from emergencies to notifications) are logged to the Essentials server. Valid logging facilities are local0 through local7. Valid levels are: emergency alert critical error warning notification informational debug In order to verify if the device sends syslog messages, run the sh logging command. You see all the syslog messages that are sent. If you do not see syslog messages, ensure that this is configured: Complete these steps: Ensure sure logging is enabled with the set logging server enable command. Specify the Essentials server that is to receive the router syslog messages, with the logging server_ip command. server ip is the IP address of the Essentials server. Limit the types of messages logged to the Essentials server. Enter set logging level informational, where informational signifies severity level 6. This means that all messages from level 0-5 (from emergencies to notifications) are logged to the Essentials server. In order to see if syslog messages are sent, use the sh logging buffer command. You see syslog messages that are sent. If you experience problems with switches, try this configuration: Enter sh logging You see this output: As root on SunOS, modify the /etc/syslog.conf file with commands to sort out the syslog messages from the source devices and to determine which logging facilities (levels) go in which files. You can make a back up of this file prior to modifications. There must be a tab between the logging facility level and file name. The file must exist and be writeable. The #Comment section at the start of syslog.conf explains syntax for the system. Do not put file information in the ifdef section. Syslogd must be restarted, by root, to acquire changes. Ensure that the entry and the log file in the syslog.conf file are TAB-separated. Spaces do not work. Read the main page for syslog.conf for more information (main syslog.conf). Examples If /etc/syslog.conf is set for then the warning, error, critical, alert, and emergency messages come in on the local7 logging facility are logged in the local7.warn file. However, the notification, informational, and debug messages come in on the local7 facility and are not logged anywhere. If /etc/syslog.conf is set for then the debug, informational, notification, warning, error, critical, alert, and emergency messages come in on the local7 logging facility are logged to the local7.debug file. If /etc/syslog.conf is set for then the warning, error, critical, alert, and emergency messages come in on the local7 logging facility are logged in the local7.warn file and the debug, informational, notification, warning, error, critical, alert, and emergency messages come in on the local7 logging facility are logged to the local7.debug file. (In other words, some messages go to both files!). If /etc/syslog.conf is set for then all message levels from all logging facilities go to this file. For RME syslog facility the important line in syslog.conf is local7.info /var/log/nmslog. This is the file location you specify in Resource Manager Essentials (RMEs) syslog setup. In order to ensure that timestamp is enabled, issue the following command, ensuring that set time and set timezone are correct: In order to ensure the correct time is displayed, issue the following command, ensuring that set clock has correct time in enable mode and correct timezone is specified in with set clock timezone in global config: Note: Check DATE on the device. If the timestamp on the device is older than the timestamp on the RME machine, the log messages will be put in the unexpected device category. Ensure that the date/time information on the client machine is accurate. Otherwise, RME reports no records in the Standard report and other reports. On the global configuration on the router, ensure that you have the following: Step-by-Step Instructions to Configure IOS Devices
Router(config)# logging on
Router(config)# logging 1.1.1.1
Router(config)#logging trap informational
logging on
logging console debug
logging monitor debug
logging trap debug Step-by-Step Instructions to Configure Catalyst Devices
Catalyst> (enable) set logging server enable
Catalyst> (enable) set logging server 1.1.1.1
Catalyst> (enable) set logging server severity 6
set logging level all 7 default
set logging server enable
set logging server 1.1.1.1 (your unix syslog server ip address)
set logging server facility LOCAL7
set logging server severity 7
#syslog set logging console enable
set logging server enable
set logging server 1.1.1.1
set logging level cdp 7 default
set logging level mcast 7 default
set logging level dtp 7 default
set logging level dvlan 7 default set logging level earl 7 default
set logging level fddi 7 default
set logging level ip 7 default
set logging level pruning 7 default
set logging level snmp 7 default
set logging level spantree 7 default
set logging level sys 7 default
set logging level tac 7 default
set logging level tcp 7 default
set logging level telnet 7 default
set logging level tftp 7 default
set logging level vtp 7 default
set logging level vmps 7 default
set logging level kernel 7 default
set logging level filesys 7 default
set logging level drip 7 default
set logging level pagp 7 default
set logging level mgmt 7 default
set logging level mls 7 default
set logging level protfilt 7 default
set logging level security 7 default
set logging level radius 7 default
set logging level udld 7 default
set logging level gvrp 7 default
set logging server facility LOCAL7
!
Logging buffer size: 500
timestamp option: enabled
Logging history size: 1
Logging console: enabled
Logging server: enabled
{1.1.1.1}
server facility: LOCAL7
server severity: debugging(7)
Current Logging Session: enabled How to Configure Syslog
local7.warn /var/log/local7.warn
!--- Note: there must be a TAB character between the filename and the logging level
local7.debug /var/log/local7.debug
!--- Note: there must be a TAB character between the filename and the logging level
local7.warn /var/log/local7.warn
!--- Note: there must be a TAB character between the filename and the logging level
local7.debug /var/log/local7.debug
!--- Note: there must be a TAB character between the filename and the logging level
*.debug /var/log/all.debug
!--- Note: there must be a TAB character between the filename and the logging level How to Correct Syslog Timestamp
Catalyst Switch
set logging timestamp enable
Router
sh clock
Web Browser Client
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
[4/28/2010 12:00:00 AM
|
]
