Syslog
The syslog protocol is currently defined in RFC 3164. Syslog transmits event notification
messages over the network. Network devices send the event messages to an event server
for aggregation. Network devices include routers, servers, switches, firewalls, and network
appliances. Syslog operates over UDP, so messages are not sequenced or acknowledged.
The syslog messages are also stored on the device that generates the message and can be
viewed locally.
Syslog messages are generated in many broad areas. These areas are called facilities. Cisco
IOS has more than 500 facilities. Common facilities include
IP
CDP
OSPF
TCP
Interface
IPsec
SYS operating system
Security/authorization
Spanning Tree Protocol (STP)
Each syslog message has a level. The syslog level determines the event's criticality. Lower
syslog levels are more important. Table 15-7 lists the syslog levels.
Table 15-7  Syslog Message Levels

Syslog Level   Severity        Level
0              Emergency       System is unusable
1              Alert           Take action immediately
2              Critical        Critical conditions
3              Error           Error messages
4              Warning         Warning conditions
5              Notice          Normal but significant events
6              Informational   Informational messages
7              Debug           Debug level messages
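The following added example (not from the original text) decodes the level and facility of received messages and filters on the levels in Table 15-7. It assumes the RFC 3164 `<PRI>` prefix (facility code * 8 + level) and the Cisco IOS `%FACILITY-LEVEL-MNEMONIC:` tag; the function names and sample lines are constructed for illustration.

```python
import re

# Severity names from Table 15-7; list index == syslog level.
SEVERITY = ["Emergency", "Alert", "Critical", "Error",
            "Warning", "Notice", "Informational", "Debug"]

PRI_RE = re.compile(r"^<(\d{1,3})>")  # RFC 3164: PRI = facility code * 8 + level
IOS_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): (.*)$")  # %FACILITY-LEVEL-MNEMONIC: text

# Constructed sample datagrams (not captured traffic); addresses are documentation ranges.
SAMPLE = [
    "<187>Mar  1 00:01:10: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>Mar  1 00:01:11: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "<190>Mar  1 00:02:40: %SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(4321) -> 198.51.100.5(23), 1 packet",
    "not a syslog message",
]

def parse(line):
    """Decode one message; return None when the PRI or IOS tag is missing or invalid."""
    pri, ios = PRI_RE.match(line), IOS_RE.search(line)
    if not pri or not ios or int(pri.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        return None
    code, level = divmod(int(pri.group(1)), 8)
    return {
        "facility_code": code,           # numeric RFC 3164 facility (23 = local7)
        "level": level,
        "severity": SEVERITY[level],
        "ios_facility": ios.group(1),    # Cisco IOS facility name, e.g. LINK or SEC
        "mnemonic": ios.group(3),
        "text": ios.group(4),
        "level_consistent": level == int(ios.group(2)),  # PRI and tag should agree
    }

def select(lines, max_level, facilities=None):
    """Keep messages at max_level or more important (numerically lower),
    optionally limited to the given IOS facility names."""
    out = []
    for line in lines:
        msg = parse(line)
        if msg is None or msg["level"] > max_level:
            continue
        if facilities and msg["ios_facility"] not in facilities:
            continue
        out.append(msg)
    return out

if __name__ == "__main__":
    for m in select(SAMPLE, 4):                 # Warning and more important
        print(m["severity"], m["ios_facility"], m["text"])
    for m in select(SAMPLE, 7, {"SEC"}):        # every access-list match
        print(m["severity"], m["ios_facility"], m["text"])
```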
Common syslog messages are interface up and down events. Access lists can also be
configured on routers and switches to generate syslog messages when a match occurs. Each
 
 