Syslog is the log-collection protocol every network device speaks. Configure your routers and switches to send their logs to a central syslog server, and you get a single searchable archive of everything that happened across the network. This lab configures syslog on R2, with R1 as the destination, using sensible buffer, console, and trap settings.
What you will learn
- The `logging buffered`, `logging host`, `logging console`, `logging trap` commands
- The eight syslog severity levels (0-7)
- How to format timestamps with millisecond precision
- The trade-off between log volume and visibility
What this lab does NOT cover
- Syslog over TLS (transport security)
- Structured logging / JSON output
- Splunk / ELK / commercial log analysis platforms
Topology
Download the CCNA Base Topology .yaml
3 iol-xe routers + 1 alpine + 1 ioll2-xe managed switch.
The eight severity levels
| Level | Name | Use case |
|---|---|---|
| 0 | emergencies | System unusable |
| 1 | alerts | Immediate action required |
| 2 | critical | Critical conditions |
| 3 | errors | Error conditions |
| 4 | warnings | Warning conditions |
| 5 | notifications | Normal but significant |
| 6 | informational | Informational messages |
| 7 | debugging | Debug output (very chatty) |
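
How a severity threshold such as the one set with `logging trap` interacts with these levels, as an added example that is not part of the original lab: a threshold of level N passes messages with severity 0 through N, so a lower number means fewer, more severe messages. The sample lines are constructed, their PRI values assume the local7 facility, and the function names are hypothetical.

```python
import re
from collections import Counter

# Severity names from the table above, indexed by level number.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Optional <PRI> prefix (PRI = facility * 8 + severity), then the IOS
# %FACILITY-SEVERITY-MNEMONIC: tag.
LINE_RE = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?.*?"
                     r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+):")

# Constructed sample messages; PRI values assume facility local7 (23 * 8 = 184).
SAMPLE = [
    "<187>45: *Mar  1 00:01:02.123: %LINK-3-UPDOWN: Interface Ethernet0/1, changed state to down",
    "<189>46: *Mar  1 00:01:03.127: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/1, changed state to down",
    "<189>47: *Mar  1 00:02:10.004: %SYS-5-CONFIG_I: Configured from console by console",
    "<190>48: *Mar  1 00:02:11.250: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.10 port 514 started - CLI initiated",
    "<191>49: *Mar  1 00:03:00.000: %EXAMPLE-7-DEBUGMSG: constructed debug-level line",
]

def parse(line):
    """Return tag, severity and a PRI consistency flag, or None if no IOS tag is found."""
    m = LINE_RE.search(line)
    if not m:
        return None
    sev = int(m["sev"])
    # The low three bits of PRI carry the severity; a mismatch means header and tag disagree.
    pri_ok = m["pri"] is None or int(m["pri"]) % 8 == sev
    return {"tag": f"{m['fac']}-{m['mnem']}", "severity": sev,
            "name": SEVERITIES[sev], "pri_consistent": pri_ok}

def forwarded(lines, trap_level):
    """Messages passed by a threshold given as a name or number: severity <= level."""
    level = SEVERITIES.index(trap_level) if isinstance(trap_level, str) else trap_level
    return [m for m in map(parse, lines) if m and m["severity"] <= level]

def volume_by_threshold(lines):
    """Message count that each possible threshold would let through."""
    counts = Counter(m["severity"] for m in map(parse, lines) if m)
    return {SEVERITIES[lvl]: sum(counts[s] for s in range(lvl + 1)) for lvl in range(8)}

if __name__ == "__main__":
    for name, n in volume_by_threshold(SAMPLE).items():
        print(f"{name:<14} {n}")
```

Run against a real log export, `volume_by_threshold` shows how much each step up in threshold adds, which is the volume-versus-visibility trade-off in numbers.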