= Cisco Syslog =

**Summary**: How to send cisco logging to a linux syslog server. \\
**Date**: Around 2017 \\
**Refactor**: 20 February 2025: Checked links and formatting. \\
{{tag>cisco linux syslog}}

All commands assume you've already logged on to the switch with privilege level 15 access and are already in config mode (conf t).

= Setup Date and Time =

To make sure the logs are displaying the correct timestamp first configure the date and time correctly.

== NTP Server ==

<code>
ntp server 10.10.10.123
</code>

== Timezone ==

<code>
clock timezone CET +1
</code>

== Summertime ==

<code>
clock summer-time CET recurring 1 Sunday April 2:00 last Sunday October 3:00
</code>

== View Date and Time ==

<code>
switch04#show clock
15:15:53.642 CET Thu Sep 23 2010
</code>

Correct!

= Setup Syslog on Cisco Switch =

== Set Timestamps for Logging ==

<code>
service timestamp log datetime localtime
</code>

== Define Syslog Server --
<code>
no logging console
no logging monitor
logging syslog.company.local
</code>

== Set Syslog Severity Level ==

<code>
logging trap 6
</code>

Note:
<code>
switch04(config)#logging trap ?
  <0-7>          Logging severity level
  emergencies    System is unusable                (severity=0)
  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  errors         Error conditions                  (severity=3)
  warnings       Warning conditions                (severity=4)
  notifications  Normal but significant conditions (severity=5)
  informational  Informational messages            (severity=6)
  debugging      Debugging messages                (severity=7)
</code>


== Enable Logon Syslog ==

<code>
logging facility auth
</code>

== Enable Syslogging over Management Interface ==

<code>
logging source-interface Vlan1
logging on
</code>

== Show Logging Configuration ==

<code>
switch04#show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
    Console logging: level debugging, 2023 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 2023 messages logged
    Exception Logging: size (4096 bytes)
    File logging: disabled
    Trap logging: level informational, 2043 message lines logged
        Logging to 10.10.10.14, 1 message lines logged

</code>

= Check and Close =

Now check the configuration, and only write the configuration to the cisco device if everything is correct. To do so:
<code>
write
exit
</code>

= Logging Of Configuration Changes =

The logging of configuration changes was introduced with IOS version 12.3. Since we're running 12.1 with no option to upgrade to 12.3 no testing there. All possibilities are described here: http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtconlog.html
\\
More logging info: http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_09.html \\

= Useful Links =

* [[http://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3 |An Overview of the syslog Protocol]]