How to configure Cisco products for logging?
Created on 2001-01-13 by Rainer Gerhards.
All Cisco products we know support logging to a syslog host like WinSyslog. This article covers all devices that use IOS (e. g. routers and switches).
Syslog logging needs both to be configured as well as turned on. To configure, you must be in enable mode (see your Cisco documentation on how to enter enable mode). Then switch to configuration mode (the command is “configure terminal” or “conf t” as abbreviation). First of all, you need to specify the syslog host that the messages should be send to. This is the name or IP address of the system WinSyslog is running on. Though a DNS-resolvable name can be used, we strongly recommend using the IP address directly. If your machine has the address “18.104.22.168” then the command is “logging 22.214.171.124”. Next, logging needs to be turned on. This command is “logging on”. Then exit from configuration mode and save the new configuration.
This setting enables syslog logging for common messages (e. g. router configuration and startup). If you would like to have traffic-related logging activated, you need to create traffic filter rules that specify the “log” option and apply them to the interface you are interested in.
More and detailed information can be found at Cisco’s web site under the “logging” command. Please note: this link is to one of Cisco’s product documentation areas. You might want to search the Cisco site to find information specific to the product (router, switch, firewall, etc.) you are using.
Have your logs consolidated but it’s too complicated to review them or create reports? Take a look at MonitorWare Console!
With MonitorWare Console you can not only review your stored log data. You can automatically create reports for Windows events and PIX firewall logs and let them be sent via e-mail and much more.