Answers: Syslog 2

By certskills June 18, 2016 09:10

Most of us rely on IOS CLI help to remember the log message severity levels. Thankfully, the help lists the messages in severity order, not alphabetical order. Could you do the lab without using help? Extra credit for you, at least metaphorically speaking. Check out the requirements post first, and then look at the answers here.



Figure 1: Two Routers with IP Addresses

Example 3: R1 Config

Example 4: R2 Config


Syslog provides a mechanism on devices to log the messages that a specific device (system) will typically generate to the console. This provides engineers with the ability to look back at the history of device and the view the events that have happened to gain insight as to its current status. This mechanism accounts for Syslog’s widespread use in troubleshooting. It also provides a method of delivering these messages to an external Syslog server for central storage.

The first requirement asked you to log to a syslog server at address Both routers use the same command to do this: the logging host global command.

Another requirement asks you to disable all local logging except for console messaging local logging. Local logging can be divided into two categories: console logging and buffered logging, disabled by the no logging console or no logging buffered global commands, respectively. Console logging is enabled by default, but the logging console command would be the correct command to re-enable it if it had been disabled.

The third requirement asked you to limit the level of messages to log. The logging trap level command limits the severity level of log messages, with all levels at the listed level, and more severe, sent to syslog. The requirements mentioned the most severe levels in order: Emergency (Level 0), Alert (Level 1) and Critical (Level 2) messages. As a result, both routers use the logging trap critical command. Because the critical level is also level 2, the command logging trap 2 could also be used. Check out chapter the management protocols chapter of the ICND1 Cert Guide for more details about syslog.

Answers: Basic SNMP Config 1
Extended Numbered ACL 1
By certskills June 18, 2016 09:10
Write a comment


  1. mandech September 21, 08:21

    Hi Wendell,
    Great job you are doing! thanks!
    In this post you mention the levels as
    Emergency (Level 0) Alert (Level 1) where as in the official cert book the levels are Emergency (Level 1) Alert (Level 0). Kindly clarify

    Reply to this comment
    • CCENTSkills September 21, 10:00

      The short answer: That figure you remember seeing in the book had an error in it. If you look at the errata file, it’ll show how to fix the figure. The errata is at the book’s web page ( under the updates tab. Specifically, Emergency is level 0, and alert is level 1, as described in the post; the figure in the book originally had flipped those.

      Also, if you have a real router or switch handy, just try a few ? in with the command, and you’ll see a verification of those facts.
      Thanks for the question – always helps to verify the details.

      Reply to this comment
  2. Bav April 1, 12:38

    Great question. In my answer I put the ‘no logging buffered’ command last. I’m assuming this shouldn’t make a difference. Cheers

    Reply to this comment
  3. Andrey Pizhamov September 2, 11:53

    Dear Wendell,
    I see the following information concerning syslog in your book:
    “To configure a router or switch to send log messages to a syslog server, add the logging {address|hostname} global command, referencing the IP address or hostname of the syslog server”

    Also in the Figure 33-2 IOS Storing Log Messages for Later View: Buffered and Syslog Server I see the command ‘logging’

    Here you added the keyworld ‘host’ in the command:
    logging host

    Checking this issue on my lab router 1841, I see no difference:

    Router(config)#no logging
    *Jan 1 00:02:34.415: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host stopped – CLI initiated
    Router(config)#logging host
    Router(config)#no logging
    *Jan 1 00:02:52.491: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host stopped – CLI initiated

    PS. I wish to thank you for your amazing blog where you describe a lot of things in a clear and easy way. I couldn’t get through some issues from the book but after reading this blog they have become crystal clear to me.

    Reply to this comment
    • certskills Author September 3, 13:25

      Hi Andrey,
      Thanks for the info. Yep, the “host” parameter is optional. I didn’t point that out in the chapter, but I should have. So, with or without the host parameter, the command does the same thing. EG, logging is the exact same as logging host

      Glad you find the blog helpful!

      Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.