Logging enables the router or switch to keep track of events that occur.
Logging can help find trends, system error messages, outages, and a variety of
other network events. Time should be taken to develop a logging strategy that
will provide reliable data when required.

Monitoring activity in the log files is an important aspect of network
management and should be conducted regularly. Monitoring the log files allows
appropriate and timely action to be taken when problems are detected, such as
breaches of security or events that are likely to lead to a potential security
breach.

The logging facility:

- Provides logging information for monitoring and troubleshooting
- Allows selection of the types of logging information captured
- Allows selection of the destination of captured logging information

There are several types of events that can be monitored.

Messages are classified in terms of levels of severity. Level 0 is the highest
level (most severe) and level 7 is the lowest level (least severe). System
messages can be saved based on the type of facility and the severity level.

Syslog messages can be categorized as follows:

- Warning, Errors, Critical, Alerts, and Emergencies are Error level messages
  generated by software or hardware malfunctions.
- Notification level messages are generated by interface up/down transitions
  and system restart messages.
- Informational level messages are generated by reload requests and
  low-process stack messages.
- Debugging level messages are generated by output from the debug commands.

The logging facility can also be configured to send captured logging
information to select destinations. By default, switches and routers normally
log significant system messages to their internal buffer and the system
console.

The four destinations that syslog messages can be forwarded to are listed
below:

- Console terminal
- Virtual terminals
- Internal buffer
- Syslog server

Be aware that the debugging destination that is used affects system overhead.
Logging to the console produces high overhead, whereas logging to a virtual
terminal produces less overhead. Logging to a syslog server produces even less,
and logging to an internal buffer produces the least overhead of any method.

Time, specifically the timestamp, is a valuable piece of information used to
determine when a problem arose. The idea behind this is that many network
problems can often be correlated to system configuration changes or
modifications to the network topology (both intentional and unintentional). For
this reason, syslog messages should be time-stamped to enhance real-time
debugging and management.
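
The severity filtering and timestamp correlation described above, as an added example that is not part of the original page: it parses time-stamped messages, keeps those at or above a chosen severity, and pairs each one with a configuration change logged on the same device shortly before it. The Cisco IOS-style `%FACILITY-SEVERITY-MNEMONIC` layout, the ISO timestamp prefix, the function names and the sample lines are all assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Keyword for each severity level 0-7 (0 = most severe).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Assumed line layout: "<ISO time> <host> %FACILITY-SEVERITY-MNEMONIC: text"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<host>\S+) "
    r"%(?P<fac>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnem>[A-Z0-9_]+): (?P<text>.*)$")

# Constructed sample lines, not captured from a real device.
SAMPLE = """\
2024-05-01T10:00:02 sw1 %SYS-5-CONFIG_I: Configured from console by admin on vty0
2024-05-01T10:00:40 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
2024-05-01T10:00:41 sw1 %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
2024-05-01T11:30:00 sw1 %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 192.0.2.10 started
2024-05-01T12:15:09 sw1 %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to down
garbled line without a timestamp
"""

def parse(text):
    """Parse log text into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            e["sev"] = int(e["sev"])
            events.append(e)
    return events

def at_or_above(events, level):
    """Keep events at least as severe as `level` (numeric value <= its number)."""
    limit = SEVERITY.index(level)
    return [e for e in events if e["sev"] <= limit]

def after_config_change(events, window=timedelta(minutes=5), level="errors"):
    """Pair each severe event with a config change on the same host just before it."""
    changes = [e for e in events if (e["fac"], e["mnem"]) == ("SYS", "CONFIG_I")]
    return [(c["ts"], e["ts"], e["fac"], e["mnem"])
            for e in at_or_above(events, level) for c in changes
            if c["host"] == e["host"] and timedelta(0) <= e["ts"] - c["ts"] <= window]

if __name__ == "__main__":
    for hit in after_config_change(parse(SAMPLE)):
        print(hit)
```

Without timestamps on the messages, the second interface failure in the sample could not be told apart from the one that followed the configuration change.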
