Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Network Log Collection and Monitoring

Logging allows you to monitor what happened to your network in the past. Managing, your collected logs can identify issues before they become problems. Cisco devices, however, have limited buffer space to store logs, and when you reboot the device, you lose them.

Collecting logs in one location

To solve Cisco devices’ limited buffer space, use a Syslog server. You can find a Syslog server for Windows from Kiwi Software (now part of SolarWinds). You can choose from many other Syslog servers, all at different price points, ranging from free to thousands of dollars.

The purpose of a Syslog server, regardless of the cost, is to collect log data from a variety of devices and consolidate it in one place where it can easily be monitored, searched, and analyzed. If you use Linux or Unix, you have a huge selection of free Syslog servers.

The Syslog server acts as a collection point for your logging activities, allowing all your network logs to be stored in one place so that you can search it easily. The Syslog server is a must for network security because without a Syslog server, your logs will remain on scattered devices and will never be reviewed or archived.

The downside is that Syslog can send a lot of small pieces of data very fast, so it uses User Datagram Protocol (UDP) and cleartext to prevent overloading the network. To prevent unauthorized users from reading those cleartext packets and to isolate your Syslog traffic, you need to use a separate management VLAN.

This management VLAN should be in place already because that is where you isolate all your switch and router management traffic. Another option, in place of the management network, is to enable network layer security for all this traffic through IPSec or another type of encryption mechanism.

You can easily enable logging from the Cisco side of the equation. (The more difficult part is the configuration of the Syslog server.) Use code similar to the following example, which needs only to specify the IP address of the log server:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#logging host
Choosing a logging level

With almost all Cisco’s Enterprise-level devices are eight default logging levels that range from zero to seven. Each of these logging levels is tied to a detail in the data logging. These levels allow you to easily choose a block of data that you wish to have logged into the system logs, and then actually sends the log info via SNMP or to Syslog destinations.

Take care as you increase the levels because you increase the load on your device CPU. This is especially true of level 7.

Cisco System Logging Levels

0EmergenciesSystem is unusable
1AlertsImmediate action needed
2CriticalCritical conditions
3ErrorsError conditions
4WarningsWarning conditions
5NotificationsInformational messages
6InformationalNormal, but significant, conditions
7DebuggingDebugging messages

As with most things with the Cisco IOS, this is not very difficult to set up or configure. In Global Configuration mode, use two commands. logging trap specifies which logging level should be sent to your Syslog server; logging buffered configures the logging level that displays in the temporary buffer.

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#logging trap 6
Router1(config)#logging buffered 6

This is an excerpt from Cisco Networking All-in-One For Dummies.

More Network Troubleshooting and Support Articles:
• Small Business Server Migration Guide
• How to Crimp an Ethernet RJ45 Connector
• Network Address Translation (NAT) Protocol
• Internet-Scale Load Balancing
• Website Design Process Client Meeting Checklist
• Everything You Need To Know About LAN Backbone Cabling
• SME Network Internet IP Addressing Strategies
• Rack Mount Enclosures and Server Racks
• Structured Network Troubleshooting Methodology Step 7 Document Findings, Actions, Outcomes, and Lessons Learned
• Network Design and Proof of Concept Testing

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro

Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268