Using Syslog Messages
Syslog messages provide a wealth of information about the
possible root cause of an outage by generating, for the most part, meaningful
messages, such as the reload of a module or a Spanning Tree Protocol (STP) root
change. Cisco switches can be configured for various syslog levels on
a per-protocol basis or globally for all protocols. For example, it is generally
accepted to have the spanning-tree syslog level set at 6, meaning the switch will
display syslog messages that fall in the range of 0–6. The number of syslog
messages generated grows with the syslog level: a syslog level of 7
generates a lot more syslog messages than a syslog level of 6, and so
on. Therefore, syslog level 7 is primarily for troubleshooting, where the switch
logs all messages that are generated by the feature or hardware in question:
- 0: emergencies
- 1: alerts
- 2: critical
- 3: errors
- 4: warnings
- 5: notifications
- 6: informational
- 7: debugging
The size of the buffer dictates how much storage is available
for syslog messages on the switch. When the buffer fills up, old messages
are removed to make room for new log messages. If the buffer is too
small, it is possible to lose relevant unread logs on the switch. To protect
against this scenario, syslog buffers are typically set to 1024 and the log
messages are also forwarded to a server for storage. Example 12-10 illustrates a standard configuration. The
switch is configured to forward syslog level 0–6 messages to the server at IP address
10.1.1.1.
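The following Python sketch is an added illustration, not Example 12-10 and not code from the book: it models the severity threshold and the fixed-size local buffer described above to show why a high-severity message can vanish from the switch yet survive on the syslog server. The sample lines and their mnemonics are constructed, the function names are hypothetical, and the buffer size is assumed to count messages.

```python
import re
from collections import deque

# Cisco-style tag: %FACILITY-SEVERITY-MNEMONIC: text
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")

def parse(line):
    """Return the message fields as a dict, or None if the line has no tag."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["severity"] = int(fields["severity"])
    return fields

def log_pipeline(lines, level=6, buffer_size=1024):
    """Apply the level threshold, then store locally and forward.

    Returns (local_buffer, forwarded, suppressed_count). buffer_size is
    treated as a message count (an assumption made for this model).
    """
    local = deque(maxlen=buffer_size)   # oldest entry is dropped when full
    forwarded, suppressed = [], 0
    for line in lines:
        msg = parse(line)
        if msg is None:
            continue                    # not a tagged syslog message
        if msg["severity"] > level:     # level 6 keeps severities 0-6
            suppressed += 1
            continue
        local.append(msg)
        forwarded.append(msg)           # the server copy is never evicted
    return list(local), forwarded, suppressed

def only_on_server(local, forwarded):
    """Messages already evicted from the switch buffer."""
    return forwarded[:len(forwarded) - len(local)]

# Constructed sample input; mnemonics are illustrative, not real Cisco ones.
SAMPLE = [
    "%SPANTREE-2-ROOTCHANGE: root bridge changed on VLAN 10",
    "%SYS-5-MODRELOAD: module 3 reloaded",
    "%LINK-6-PORTUP: port 3/1 up",
    "%SPANTREE-7-DEBUGMSG: BPDU received on port 3/1",
    "%LINK-6-PORTDOWN: port 3/2 down",
    "%LINK-6-PORTUP: port 3/2 up",
    "console banner line without a syslog tag",
]

if __name__ == "__main__":
    local, fwd, dropped = log_pipeline(SAMPLE, level=6, buffer_size=3)
    print("suppressed by level:", dropped)
    for m in only_on_server(local, fwd):
        print("lost locally:", m["facility"], m["severity"], m["mnemonic"])
```

With the deliberately small buffer of three messages, the severity 2 spanning-tree event is pushed out of the local buffer by later informational link messages and remains only in the forwarded copy.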