Syslog 3

By certskills July 5, 2016 09:05

When first starting out with Cisco routers and switches, log messages are those irritating messages that show up to interrupt us from the current task at hand. Over time, most of us find those messages more and more useful. Eventually, in production networks, you can use those log messages to systematically to monitor network performance, react more quickly to issues, and to better troubleshoot a network. Today’s lab works through a few of the basic commands that let us enable and disable system logging (Syslog) and the severity levels of messages sent to each logging service.


This lab shows two routers. The topology is actually of little importance to the lab. In reality, the lab gives requirements for different logging configuration for two different routers, just to help you exercise your skills. The requirements for this lab are as follows:

  1. On router R1, disable all terminal logging
  2. On router R2, disable all console and buffer logging
  3. On R1, configure console logging to log console severity level 4 and lower; configure those details using numeric severity levels
  4. On R1, configure logging to an internal buffer for severity 6 and below messages; configure those details using numeric severity levels
  5. On R2, enable logging to a Syslog server at address
  6. On R2, configure logging to terminals with severity level 5 and below messages; configure those details using names of the severity levels
  • Assumptions:
    • All router interfaces shown in the lab are up, working and correctly configured with IP addresses
    • IPv4 routing is configured


Figure 1: Two Router Topology

Initial Configuration

Examples 1 and 2 show the beginning configuration state of R1 and R2.


Example 1: R1 Config


Example 2: R2 Config


Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure the lab with those tools.

To test your solution if you happen to try it with VIRL or real gear, try the following to verify each requirement:

  1. If you Telnet to R1, and issue the terminal monitor EXEC command, you still should not see any log messages at all on the screen. (Requirement 1)
  2. If you connect at the console of R2, and try to generate log messages, you should not see them at the console, and should not see them when using the show logging EXEC command. (Requirement 2)
  3. From the console of R1, if you pick an interface and repeatedly issue a shutdown and no shutdown, you should see only the severity 3 messages, but not the severity 5 messages. (Requirement 3)
  4. From R1 (console or Telnet), get into configuration mode (configure terminal) and back out again (end or Ctl-z) repeatedly. Then from any login session, issue a show logging You should see the severity 5 (notification) level messages about the fact that you exited configuration mode; look to the end of the output to see those.
  5. Testing with an external Syslog server will be difficult to test. Just look at the configuration on router R2.
  6. To test, Telnet to R2. Then issue the terminal monitor EXEC command. At that point, you should be able to see any new log messages.


Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

All interfaces in topology match the lab figure.

Answers: GRE Tunnel 2
L3 EtherChannel 1
By certskills July 5, 2016 09:05
Write a comment


  1. Chris April 29, 18:49

    interface GigabitEthernet0/2
    ip address

    Shouldn’t this be

    I was thinking I was crazy for a second (or a couple hundred) there, lol. Thanks for the labs.

    Reply to this comment
    • RN December 14, 22:34

      Yes, so it seems.

      It doesn’t effect the solution though.

      Reply to this comment
      • RN December 14, 22:43

        Please ignore my comment.

        The mistake make the configuration in-valid (the router should reject command, as you noticed.)

        Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.