Cisco IOS Syslog Messages

This topic is to discuss the following lesson:

Great lesson Rene.

Well done, very good explanation, straightforward.

Renee - Can you possibly give an example of a message that we would see regarding each severity level, or an action that would result in us seeing 0-7?

Thanks!

Hi Alex,

If you want to get an idea what messages are logged and at what level then this is a nice document by Cisco:

http://www.cisco.com/c/en/us/td/docs/security/asa/syslog-guide/syslogs/logsevp.html

It’s for the ASA but IOS produces similar messages.

Rene

hello Rene Molenaar

I would like to know how to set up a multilayer switch in GNS3. Please reply to me, sir.

Best regards.

Ayeko,
Switching (either L2 or L3) is not fully supported in GNS3. In the standard GNS3 program, the closest you are going to come is by choosing a Cisco 3725 model router with a NM-16ESW module which will give you 16 ethernet ports. Unfortunately, with this setup, some of the commands and capabilities are different than a true Cisco Catalyst switch. It is for this reason that I do not recommend going this way if your intent is for studying.

Another option for GNS3 is to use an IOU image, but discussion of how to do this is beyond the scope of this forum. This article seems to have some nice instructions on how to set this up:

http://letusexplain.blogspot.com/2015/07/cisco-iou-l2-l3-lab-with-gns3-switching.html

hello Andrew P Moderator
I have a problem; please check my attached file. Please reply to me.

Ayeko,
Support for GNS should happen with the community forums at GNS:

https://www.gns3.com/community

Hi Andrew,
I want to add something, and please correct me if I'm wrong.
If we use a telnet session, we have to use the following command if we want to enable the error level, for example:
sw(config)#logging monitor errors
and the following command if we want to disable the logging:
sw(config)#terminal no monitor

Hello Mahmoud.

These two commands do two very different things. First of all, the logging monitor errors command does enable error level logging, as you mentioned. That is, it logs all level 3 messages and below (Errors, Critical, Alerts and Emergencies). This command places all syslog messages into the local logging buffer (or sends them to the syslog server, depending on the configuration).

Conversely, the terminal monitor and the terminal no monitor commands don’t turn logging on and off. These commands indicate whether or not the logging messages will be displayed on the command line interface.

By default, when connecting via the console, logging messages are displayed on the command line. That is, terminal monitor is the default setting. When connecting via Telnet, logging messages are NOT displayed by default, that is, terminal no monitor is the default setting.

So when connecting via Telnet, if you want to view the syslog messages on the command line as they occur, you must type terminal monitor. Note that even if the terminal no monitor command is used, syslog messages are continually being recorded, and you can see these using the show logging command.

I hope this has been helpful!

Laz

4 Likes

Hi Lazaros,
Many thanks for your support.
But what about the logging console and no logging console commands?
Is that command the same as terminal monitor?

Hello again Mahmoud

Yes, you are correct, my explanation didn’t clarify this point.

Actually, terminal monitor displays system error messages AND debug command output. Conversely, logging console sends ONLY syslog messages to TTY lines, that is, console connections.

I hope this has been helpful.

Laz

1 Like

Hi,
If I choose logging level 3, does that mean the log contains 3 and below?
Thanks

Sims,
You are correct! When you choose a particular logging level, you are essentially choosing the LEAST severity you are interested in. Everything that is at the level you chose or more severe is included. In your example, you chose Level 3 (Error). This means you will get all of the following and nothing else:

Level 0 (Emergency)
Level 1 (Alert)
Level 2 (Critical)
Level 3 (Error)

2 Likes
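The threshold rule described in the reply above, as an added example that is not part of the original thread: it parses IOS-style messages and keeps those at the chosen level or more severe. The sample lines are constructed, and the regular expression assumes the common `%FACILITY-SEVERITY-MNEMONIC:` form.

```python
import re

# IOS severity keywords, index = numeric level (0 is most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Assumed common message form: %FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
                    r"(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

# Constructed sample lines for illustration, not captured from a device.
SAMPLE = [
    "*Mar  1 00:01:12.123: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "*Mar  1 00:01:13.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "*Mar  1 00:02:40.500: %SYS-5-CONFIG_I: Configured from console by console",
    "*Mar  1 00:03:05.010: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10]",
    "*Mar  1 00:04:00.000: %SYS-2-MALLOCFAIL: Memory allocation of 1024 bytes failed",
    "Building configuration...",  # not a syslog message; must be skipped
]

def parse_ios(line):
    """Return facility, severity, mnemonic and text, or None if no match."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg

def level_number(level):
    """Accept 0-7 or an IOS keyword such as 'errors'; return the number."""
    s = str(level).strip().lower()
    n = int(s) if s.isdigit() else LEVELS.index(s)  # unknown keyword: ValueError
    if n > 7:
        raise ValueError(f"severity out of range: {level}")
    return n

def filter_by_level(lines, level):
    """Keep messages at the chosen level and anything more severe."""
    threshold = level_number(level)
    parsed = (parse_ios(line) for line in lines)
    return [m for m in parsed if m and m["severity"] <= threshold]

if __name__ == "__main__":
    for m in filter_by_level(SAMPLE, "errors"):
        print(m["severity"], m["facility"], m["mnemonic"])
```

Run against exported `show logging` output, the same filter shows which events a given threshold would drop, such as the level 4 login failure when the level is set to errors.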

Hi,
I want to know the difference between syslog and SNMP?

Hello Alb

Syslog is a standard that is used by many vendors for the purpose of message logging. Events that occur within a system (say a router or a switch) are categorised based on severity level as well as function and are stored in a buffer on the device itself or they are sent to a syslog server. These messages are used for system management and security auditing as well as for general informational analysis and troubleshooting. Syslog messages are generated by the network devices themselves and are just read by the syslog server.

SNMP is a protocol that is used to collect and organise information about managed IP devices (such as routers and switches) but can also be used for modifying that information to change the device’s behaviour. SNMP differs from Syslog in many ways, but one of the most significant is that SNMP is more active in that an SNMP server can query and even modify specific variables (MIBs) that describe system status and configuration.

Although both are complementary in that they are both used for system monitoring and troubleshooting, their functionalities are quite different.

I hope this was helpful in getting you started off in further researching these useful technologies!

Laz

1 Like

With show logging history you can’t verify the setting of logging buffered severity. This can be done with show logging itself; show logging history shows the setting of logging history severity.

2 Likes

^ Indeed

It seems the “logging history” relates to the messages sent to an SNMP server. The buffered log (the one you were talking about in this lesson, sent to syslog server) is under “show log”

More info: https://www.cisco.com/c/en/us/td/docs/routers/access/wireless/software/guide/SysMsgLogging.html#wp1054946

Hello Philipp

Yes, you are correct. Based on the following Cisco command reference information, that is the case:


I will let @ReneMolenaar know to update the content.

Thanks again!

Laz