Configuring Syslog Server On Cisco Routers
Written by Packet Lab | Wednesday, 28 April 2010 16:31 | Last Updated on Wednesday, 28 April 2010 17:12 by Packet Lab
Syslog is a standard for forwarding log messages in an Internet Protocol (IP) computer network. It allows separation of the software that generates log messages from the system that stores the messages.
Syslog is a client/server protocol: a logging application transmits a text message of at most 1024 bytes to the syslog receiver. The receiver is commonly called syslogd, the syslog daemon or the syslog server. Syslog messages may be sent via the User Datagram Protocol (UDP) or the Transmission Control Protocol (TCP). The data is sent in cleartext; although not part of the syslog protocol itself, an SSL wrapper may be used to provide a layer of encryption through SSL/TLS. Syslog uses port number 514.
Syslog is typically used for computer system management and security auditing. While it has a number of shortcomings, syslog is supported by a wide variety of devices and receivers across multiple platforms. Because of this, syslog can be used to integrate log data from many different types of systems into a central repository.
Configuring Syslog Server On Cisco Routers - Part 1
Configuring Syslog Server On Cisco Routers - Part 2
Configuring Syslog Server On Cisco Routers - Part 3
Configuring Syslog Server On Cisco Routers Lab - Part 1
Configuring Syslog Server On Cisco Routers Lab - Part 2
The Quick and Dirty
While using a syslog server is usually considered a necessity in larger networks, I would argue that even very small networks can benefit greatly from implementing one. In some industries, a syslog server may be mandated as part of a larger security/audit process. Using a remote syslog server rather than just the local logging buffer on Cisco devices gives you a number of advantages, such as message persistence, event correlation across devices, and advanced message searching/sorting, to name a few.
Basic syslog server configuration on a Cisco device is ridiculously easy (logging host x.x.x.x), but there are a number of basic configuration options that you will want to be aware of. This lesson touches on the most commonly used options.
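A configuration that puts the commands this lesson covers together, as an added example that is not from the original lesson. The collector address 192.0.2.10, the Loopback0 source interface, the local6 facility, the buffer size and the severity levels are assumed values to adapt to your network.

```cisco
! Constructed example: 192.0.2.10, Loopback0, local6 and 16384 are placeholders.
configure terminal
 !
 ! Timestamp every message with date, milliseconds and time zone so that
 ! events from different devices can be correlated on the collector.
 service timestamps log datetime msec localtime show-timezone
 !
 ! Number each message; a gap in the sequence on the collector points to
 ! messages lost in transit (syslog over UDP is not acknowledged).
 service sequence-numbers
 !
 ! Keep a local copy in the logging buffer in case the collector is unreachable.
 logging buffered 16384 informational
 !
 ! Send messages to the remote syslog server.
 logging host 192.0.2.10
 !
 ! Severity threshold for messages sent to the server:
 ! informational (6) and everything more severe (0-5).
 logging trap informational
 !
 ! Facility tag used by the server to file the messages (IOS default: local7).
 logging facility local6
 !
 ! Put the device hostname in each message so the origin is clear even when
 ! the source address is rewritten by NAT or a relay.
 logging origin-id hostname
 !
 ! Always source syslog packets from one stable interface address, so
 ! collector-side filters and ACLs can match on a single IP per device.
 logging source-interface Loopback0
 !
 ! Make sure logging is enabled (it is by default).
 logging on
end
!
! Verify: shows the trap level, facility, configured hosts, message counters
! and the contents of the local buffer.
show logging
```

Because the messages cross the network in cleartext, the path between the device and the collector is best kept on a management network or an encrypted tunnel.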
Command and Configuration References
Search Terms: logging host, logging facility, logging trap, logging origin-id, show logging, logging, syslog