Answers: Syslog 3

Logging happens to be one of those configuration topics that is easy to overlook. In real life, you would probably figure out the site standard, and then configure most routers and switches the exact same way. As a result, you might forget all the little configuration details. If you’re preparing for CCENT or CCNA R&S, go back and try this latest lab first, and then check your answers here.
Answers
Figure 1: Two Router Topology
Example 1: R1 Config (Global Commands)
1 2 3 |
no logging monitor ! Requirement 1 logging console 4 ! Requirement 3 logging buffered 6 ! Requirement 4 |
Example 2: R2 Config (Global Commands)
1 2 3 4 |
no logging console ! Requirement 2 no logging buffered ! Requirement 2 logging host 192.168.2.100 ! Requirement 5 logging monitor notifications ! Requirement 6 |
Commentary
For this lab we are focused on configuring device logging and syslog. Note that the requirements for this lab are not in line with what would be configured on a production network and have been set up as a way to configure a number of different logging and syslog commands within a single lab on only two devices.
Examples 1 and 2 show the configuration on routers R1 and R2, respectively. The examples note which requirements are met by which commands. Rather than repeat all those commands, the following list details a few points that are not obvious from looking at the commands:
- R1 requirement 1: on R1, the no logging monitor global command means that no remote terminal user (that is, Telnet or SSH user) can see log messages on their terminal session after using the terminal monitor command.
- Severity levels: The lab references severity level 4 (warning), 5 (notification), and 6 (informational). Many of the logging commands can take the number or name for a severity level in the same position in the command. For instance, on R2, logging monitor notifications could have instead been configured as logging monitor 6.
Hello Wendell,
Aren’t all the “logging” commands but “logging console” disabled by default?
Actually, I don’t think so. I booted a router with no startup-config to check, here’s what I see in show log:
Router#show log
Syslog logging: enabled (0 messages dropped, 3 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
No Active Message Discriminator.
No Inactive Message Discriminator.
Console logging: level debugging, 34 messages logged, xml disabled,
filtering disabled
Monitor logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 34 messages logged, xml disabled,
filtering disabled
Exception Logging: size (4096 bytes)
Count and timestamp logging messages: disabled
Persistent logging: disabled
No active filter modules.
Trap logging: level informational, 37 message lines logged
Logging Source-Interface: VRF Name:
So, looks like logging monitor and logging buffered are also on.
Wendell
I’ve been going through Chapter 33, and I noticed that Early in the chapter you say “logging 172.16.10.1” is the command to enable logging on the server with that IP address. Later on in a table for all the commands, the command is listed as: “logging host 172.16.10.1”.
Google seems to agree with the 2nd version.
Is the first one have bad syntax, or is the command valid?
JCW,
Missed your comment, but for anyone who comes here later… both are valid (with and without the host keyword).
Wendell