Answers: Syslog 2

By certskills June 18, 2016 09:10

Most of us rely on IOS CLI help to remember the log message severity levels. Thankfully, the help lists the messages in severity order, not alphabetical order. Could you do the lab without using help? Extra credit for you, at least metaphorically speaking. Check out the requirements post first, and then look at the answers here.



Figure 1: Two Routers with IP Addresses

Example 3: R1 Config

Example 4: R2 Config


Syslog provides a mechanism on devices to log the messages that a specific device (system) will typically generate to the console. This provides engineers with the ability to look back at the history of device and the view the events that have happened to gain insight as to its current status. This mechanism accounts for Syslog’s widespread use in troubleshooting. It also provides a method of delivering these messages to an external Syslog server for central storage.

The first requirement asked you to log to a syslog server at address Both routers use the same command to do this: the logging host global command.

Another requirement asks you to disable all local logging except for console messaging local logging. Local logging can be divided into two categories: console logging and buffered logging, disabled by the no logging console or no logging buffered global commands, respectively. Console logging is enabled by default, but the logging console command would be the correct command to re-enable it if it had been disabled.

The third requirement asked you to limit the level of messages to log. The logging trap level command limits the severity level of log messages, with all levels at the listed level, and more severe, sent to syslog. The requirements mentioned the most severe levels in order: Emergency (Level 0), Alert (Level 1) and Critical (Level 2) messages. As a result, both routers use the logging trap critical command. Because the critical level is also level 2, the command logging trap 2 could also be used. Check out chapter the management protocols chapter of the ICND1 Cert Guide for more details about syslog.

Answers: Basic SNMP Config 1
Extended Numbered ACL 1
By certskills June 18, 2016 09:10
Write a comment


  1. mandech September 21, 08:21

    Hi Wendell,
    Great job you are doing! thanks!
    In this post you mention the levels as
    Emergency (Level 0) Alert (Level 1) where as in the official cert book the levels are Emergency (Level 1) Alert (Level 0). Kindly clarify

    Reply to this comment
    • CCENTSkills September 21, 10:00

      The short answer: That figure you remember seeing in the book had an error in it. If you look at the errata file, it’ll show how to fix the figure. The errata is at the book’s web page ( under the updates tab. Specifically, Emergency is level 0, and alert is level 1, as described in the post; the figure in the book originally had flipped those.

      Also, if you have a real router or switch handy, just try a few ? in with the command, and you’ll see a verification of those facts.
      Thanks for the question – always helps to verify the details.

      Reply to this comment
  2. Bav April 1, 12:38

    Great question. In my answer I put the ‘no logging buffered’ command last. I’m assuming this shouldn’t make a difference. Cheers

    Reply to this comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.