Syslog


All the IP devices in an enterprise network generate log messages to inform the network administrator about the activities of the device. These messages are stored in the memory of the device. Each message contains a timestamp, which tells the network administrator when the event occurred.

On Cisco devices, log messages are generated and sent to the currently logged-in users, or they can be stored in the RAM of the device or stored externally on a separate syslog server.

Accessing the log messages


The log messages of a Cisco device can be accessed by logging in to the device via the console or remotely through telnet or ssh.

If a user is accessing the device via the console, they receive the log messages directly on the console. Log messages of every severity level are displayed to all console users, because the command logging console is enabled on Cisco devices by default.
If a user is accessing the Cisco device through telnet or ssh, additional commands must be configured before the log messages are shown. The commands are logging monitor and terminal monitor.

The logging monitor command enables the display of log messages to all logged in users.
The terminal monitor command should be issued by the user who wants to display the log messages.


If you want to store the log messages to check them later, they can be stored in the RAM of the Cisco device by using the command logging buffered in global configuration mode.
To see the log messages stored in RAM, use the command show logging in EXEC (execution) mode.
The log messages can also be stored on a separate syslog server. Any Cisco device can store its log messages on a syslog server by using the syslog protocol. The syslog protocol uses UDP to send the messages to the syslog server.


Syslog Message Format

A log message generated by a Cisco device contains the following details.

1) A timestamp
2) Which part of the device generated the message.
3) The severity level.
4) Description of the message.

A sample log message is shown in the diagram below.



The log messages generated by the IOS of the Cisco device can be normal messages, important messages, or critical messages.

The IOS assigns each message a severity level. The lower the severity level number, the more critical the event the message relates to.
Below are the severity level numbers and their meanings.

Severity level 0 -- Emergency
Severity level 1 -- Alert
Severity level 2 -- Critical event
Severity level 3 -- Error event
Severity level 4 -- Warning
Severity level 5 -- Notification
Severity level 6 -- Informational
Severity level 7 -- Debug messages
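
The following added example (not part of the original page) splits IOS log lines into the four parts listed above and keeps only the events at or below a chosen severity number. It assumes the usual IOS layout "timestamp: %FACILITY-SEVERITY-MNEMONIC: description"; the sample lines are constructed, and the function names parse_line and triage are hypothetical.

```python
import re

# Severity names as listed above; a lower number means a more critical event.
SEVERITY = {0: "Emergency", 1: "Alert", 2: "Critical event", 3: "Error event",
            4: "Warning", 5: "Notification", 6: "Informational", 7: "Debug messages"}

# Assumed layout: [timestamp: ]%FACILITY-SEVERITY-MNEMONIC: description
# The timestamp is optional because a device may be configured without one.
LINE_RE = re.compile(
    r"^(?:(?P<timestamp>[^%]+?): )?"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<description>.*)$"
)

def parse_line(line):
    """Return the parts of one log line as a dict, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    msg["severity_name"] = SEVERITY[msg["severity"]]
    return msg

def triage(lines, max_level):
    """Split lines into messages with severity <= max_level and unparsed lines.

    Unparsed lines are returned rather than dropped, so a truncated or
    malformed record still reaches a reviewer instead of disappearing.
    """
    hits, unparsed = [], []
    for line in lines:
        msg = parse_line(line)
        if msg is None:
            unparsed.append(line)
        elif msg["severity"] <= max_level:
            hits.append(msg)
    return hits, unparsed

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    "*Mar  1 00:00:45.123: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down",
    "*Mar  1 00:00:46.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down",
    "Jan 12 09:14:02.511: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "Jan 12 09:15:40.002: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77]",
    "garbled line without a severity field",
]

if __name__ == "__main__":
    hits, unparsed = triage(SAMPLE, max_level=4)
    for h in hits:
        print(h["severity"], h["severity_name"], h["facility"], h["mnemonic"], h["description"])
    print("unparsed:", unparsed)
```

With max_level set to 4, only the level 3 link event and the level 4 login failure are kept, and the line that does not match the layout is reported separately.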