Troubleshoot Network With a Syslog Server
By Stephen Bucaro
Most network devices, like switches and routers, are capable of generating a log
of events, called a syslog, which can be send to a syslog server.
The types of messages sent depend upon the specific device, but they might include;
login, login failure, process start, process stop, and any routine operation. The destination
of the syslog server, which might be a network server system is configured by providing
its IP address.
After syslog is configured, event data is sent continuously and is available for instantaneous
or historical review. Syslog can generate vast amounts of data. You can set the amount
of data reported by setting the severity level between 0 and 7.
There is no standard nomenclature for the levels, but they are usually defined by keywords
such as catastrophic for 0 which means imminent system failure, to debug for 7, which
generates all possible messages. If the logging level is set too broad (high) the log will
contain vast amounts of of useless data. If the logging level is set too narrow (low)
important events my be missed.
All syslog messages have the same format. The formt is documented in
of the IETF (International Engineering Task Force.
The first part of a message is called PRI (priority) and is a combination of the severity code
and a facility code which identifies the source of the syslog message. Next comes a timestamp
and the hostname of the sender. Next comes a mnemonic that identifies the type of message,
followed by a description or further information about the event.
An example of a syslog message is shown below:
<34>1 2010-10-11T12:14:15.003Z domain.com su - ID47 - BOM'su root' failed for bucky on /dev/pts/8
It can be difficult to sift through the volume of logged messages looking for the source
of a problem, therefore several company's have created utilities to search, sort and group
messages and provide other useful features. WinSyslog
provides a free, full-featured evaluation version of its syslog server for Windows.
Syslog Watcher provides a free
personal version of its syslog server for Windows.
More Network Troubleshooting and Support Articles:
• SME Network Internet IP Addressing Strategies
• Standard Network Path Metrics
• Five Free Tools Every Network Administrator Should Have
• How to Choose Work Area Network Cable Faceplate Locations
• Putting Your SME Data on the Internet
• Network Address Translation (NAT) Protocol
• DevOps - Development and Operations
• Troubleshooting the Intermediate System to Intermediate System (IS-IS) Protocol
• Questions to Ask Before Beginning Network Design
• How a Firewall Provides Network Security