Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Troubleshoot Network With a Syslog Server

Most network devices, like switches and routers, are capable of generating a log of events, called a syslog, which can be send to a syslog server. The types of messages sent depend upon the specific device, but they might include; login, login failure, process start, process stop, and any routine operation. The destination of the syslog server, which might be a network server system is configured by providing its IP address.

After syslog is configured, event data is sent continuously and is available for instantaneous or historical review. Syslog can generate vast amounts of data. You can set the amount of data reported by setting the severity level between 0 and 7.

There is no standard nomenclature for the levels, but they are usually defined by keywords such as catastrophic for 0 which means imminent system failure, to debug for 7, which generates all possible messages. If the logging level is set too broad (high) the log will contain vast amounts of of useless data. If the logging level is set too narrow (low) important events my be missed.

All syslog messages have the same format. The formt is documented in RFC 3164 of the IETF (International Engineering Task Force.

The first part of a message is called PRI (priority) and is a combination of the severity code and a facility code which identifies the source of the syslog message. Next comes a timestamp and the hostname of the sender. Next comes a mnemonic that identifies the type of message, followed by a description or further information about the event.

An example of a syslog message is shown below:

<34>1 2010-10-11T12:14:15.003Z domain.com su - ID47 - BOM'su root' failed for bucky on /dev/pts/8

It can be difficult to sift through the volume of logged messages looking for the source of a problem, therefore several company's have created utilities to search, sort and group messages and provide other useful features. WinSyslog provides a free, full-featured evaluation version of its syslog server for Windows. Syslog Watcher provides a free personal version of its syslog server for Windows.

More Network Troubleshooting and Support Articles:
• Nine Tips for Designing a Small Business Network
• Fiber Optic Cable Tester - What Is It and How to Use?
• How to Repair a Damaged Fiber Optic Cable
• Built-in Utilities for Network Troubleshooting
• Network Log Collection and Monitoring
• Structured Network Troubleshooting Methodology Step 2 Establish a Theory of Probable Cause
• Introduction to Designing an IPv6 Address Plan
• Rack Mount Enclosures and Server Racks
• Troubleshooting the Intermediate System to Intermediate System (IS-IS) Protocol
• Fiber Optic Connectors - The Complete Guide
Menu - More
Network Troubleshooting and Support

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro


Computer Networking Sections

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268