mode to set the destination (log) hosts. Step 2 (Optional) Set the log severity (trap) level : Setting the log severity level limits the error messages that are sent to syslog servers to only messages at the specified level. The default value is severity level 6. Use the logging trap command in global configuration mode to set the severity level. Step 3 (Optional) Set the syslog facility : There are many facilities that syslog messages can be sent to. However, Local0 through to Local7 are traditionally used by networking equipment. By default, Cisco routers send syslog messages to the local7 syslog facility. Use the logging facility command in global configuration mode to set the syslog facility. The no logging facility command reverts to the default, local7. Note
All syslog messages have a logging facility and a level. The logging facility can be thought of as 'where', and the level can be thought of as 'what'. The single syslog daemon (syslogd) can be thought of as having multiple pipes. It uses the pipes to decide where to send incoming information based on the pipe on which the information arrives. In this analogy, the logging facilities are the pipes by which the syslogd decides where to send information it receives. Step 4 (Optional) Set the source interface : By default, syslog messages are sent using the IP address of the source interface. You should specify the source IP address of syslog packets, regardless of the interface where the packets actually exit the router. Use the logging source-interface command in global configuration mode to set the source interface. Step 5 Enable logging: Make sure that the router logging process is enabled using the logging on command in global configuration mode. The logging on command has no arguments or keywords. Example: Syslog Implementation
Figure is an example of configuring syslog for router R3 using the commands previously described. In this example, the administrator wants to log all events that occur on the router except the debugging (level 7) information. An example of an informational level (level 6) event is an ACL hit. The router sends the messages from level 6 and all more critical levels (0–5) to the syslog server with the IP address 10.2.2.6.