mode to set the destination (log) hosts. Step
2 (Optional) Set the log severity (trap) level
: Setting the log severity level limits the error
messages that are sent to syslog servers to only messages at
the specified level. The default value is severity level 6. Use
the logging trap command in global configuration mode to
set the severity level. Step 3 (Optional) Set the
syslog facility : There are many facilities that
syslog messages can be sent to. However, Local0 through to
Local7 are traditionally used by networking equipment. By
default, Cisco routers send syslog messages to the local7
syslog facility. Use the logging facility command in
global configuration mode to set the syslog facility. The no
logging facility command reverts to the default, local7.
Note
All syslog messages have a logging facility and
a level. The logging facility can be thought of as 'where', and
the level can be thought of as 'what'. The single syslog daemon
(syslogd) can be thought of as having multiple pipes. It uses
the pipes to decide where to send incoming information based on
the pipe on which the information arrives. In this analogy, the
logging facilities are the pipes by which the syslogd decides
where to send information it receives. Step 4
(Optional) Set the source interface : By
default, syslog messages are sent using the IP address of the
source interface. You should specify the source IP address of
syslog packets, regardless of the interface where the packets
actually exit the router. Use the logging
source-interface command in global configuration mode to
set the source interface. Step 5 Enable
logging: Make sure that the router logging process is
enabled using the logging on command in global
configuration mode. The logging on command has no
arguments or keywords. Example: Syslog
Implementation
Figure is an example of configuring
syslog for router R3 using the commands previously described.
In this example, the administrator wants to log all events that
occur on the router except the debugging (level 7) information.
An example of an informational level (level 6) event is an ACL
hit. The router sends the messages from level 6 and all more
critical levels (0–5) to the syslog server with the IP address
10.2.2.6.