There are other tools that can be used to help troubleshoot transport layer
problems on network devices. These include:
- Protocol analyzers
- Network device system logs
- Centralized logging system (using Syslog)
- Network Management systems
Protocol Analyzers
Protocol analyzers can be used to collect
information on network operations from the data-link layer to the application
layer. A quality protocol analyzer is able to provide a network engineer with a
source of information on network transactions at the transport layer.

Local System Logging
Configuring buffered local system logging
can also provide a rich source of information when troubleshooting network
problems. A local system log can also provide historical information on past
events. Logging on local systems is highly configurable and can be used to
capture general router events as well as other information of interest, such as
debug messages. The system log buffer uses volatile memory
and is cleared by rebooting the router. Because of this, it is recommended that
system log events be redirected to an external system.
To configure a
router to keep its local log, use the following commands from global
configuration mode:
Router(config)#logging
on
Router(config)#logging buffered [buffer size]
[logging level]
The first step is to ensure
system logging is enabled (note that local system logging is on by default).
When configuring the logging buffer, set the size of the log buffer and the
level of message to log. There are seven levels of logging, from 0 for
emergency messages (indicating that the router is unusable), to 7 for debugging
messages generated by engineer-configured debug commands.
These levels are summarized in Figure
.
The show logging command can be used to display the
state of Syslog error and event logging, including host addresses, and whether
console logging is enabled. This command also displays SNMP configuration
parameters and protocol activity.

Cisco
routers support the Syslog protocol for delivering system log messages to a
centralized system. The Syslog protocol uses UDP port 514 making it a
lightweight, fast, but unreliable delivery mechanism.
Syslog servers are
machines that can listen on UDP port 514, and collate information from a number
of sources (network devices) simultaneously. This information is stored in a
central location, such as a database, from where it can be used to build a
report. Such reports can then be used to spot patterns and trends in network
traffic, including current and potential problems.
Configuration of
Syslog for centralized logging is discussed in detail in Module 7.
Setting the Real Time Clock
The router real time clock can be
manually set or can use a Network Time Protocol source for its information.
Using an NTP time source is recommended for a number of reasons:
- The real time clock of the router is reset when the router is rebooted.
- NTP time sources are much more accurate.
- Having the real-time clock of all devices synchronized can help trace
traffic patterns and trends through the network.
To manually set the router real time clock from privileged mode, use
the clock set [hh:mm:ss] [Day of the month] [Month] [Year]
command. Note that the order of Day of the month and
Month does not matter. For example, the following two
commands have the same effect:
Router#clock set 15:42:00 14 July
2005
Router#clock set 15:42:00 July 14
2005
Using Network Time Protocol
Network
Time Protocol servers are available for time queries on the Internet and are
arranged in a hierarchy of importance. A list of NTP servers publicly available
from the Internet is available from
http://www.eecis.udel.edu/ ~mills/ntp/servers.html.
To configure the router to query an NTP
time source, use these commands from global configuration mode:
Router(config)#ntp peer [NTP server IP
address]
Router(config)#ntp peer
authenticate
Note that NTP sends traffic to and from
UDP port 123. This needs to be allowed when configuring the firewall router
access list.
The network administrator should also set the time zone
local to the router so that the router knows how far to adjust the UTC time
signal received from the NTP time source. Use these commands to configure the
local time zone of the router:
Router(config)#clock timezone [timezone-name]
[hours-offset] [minutes-offset]
This command can also
be used to uniquely identify log messages from the router by specifying a
unique time zone name. Note that the timezone-name parameter is limited to
eight characters.
Figure
shows how to
configure a router with NTP and a local time zone.
Enabling Date and Time Stamps on Logged Messages
To enable date
and time stamps for logged messages, use the following command from global
configuration mode:
Router(config)#service timestamps
debug datetime [localtime] [msec] [show-timezone]
The
keywords localtime, msec, and
show-timezone can all be used to add extra information to
the logged messages. It is recommended that the msec
keyword is included, especially on busy routers.
Figure
shows messages
with the date and time stamp information.