How to Configure Syslog Server in Packet Tracer

Syslog is an industry-standard protocol used to log messages about events that occur within a network device.

On a network device such as a router or switch, syslog reports events on the device, for example an interface going down or a change in a router's OSPF neighbor status with another router.

Logs are essential for troubleshooting issues in the network. They record the events that occur within a network device, and this information helps to determine what is wrong with it.

In addition to Syslog, another network monitoring protocol that complements Syslog is SNMP. We will cover SNMP in another post.

By default, syslog messages are displayed on the command line of the network device and also stored in a buffer in the device’s RAM. However, we can also have the syslog messages stored and displayed on a server.

Storing syslog messages on a server improves network management as one syslog server can be used to monitor a number of network devices (routers or switches, for example).

In this post, I will show you how to configure a syslog server in Packet Tracer.

Network topology

The network topology we will be making use of in this post is shown below. As you can see, it consists of two routers, a switch, a PC and a Syslog server. In this demonstration, we will enable the syslog logging service on the syslog server and then configure router1 and router2 to log their syslog messages to the syslog server.

[Figure: network topology]

How to Configure Syslog Server in Packet Tracer

Here are the steps to configure a Syslog server in Packet Tracer:

Step 1: Configure the interface IP addresses.

Enter the following commands on the routers to assign IP addresses to their interfaces.

Router1

R1>enable
R1#configure terminal
R1(config)#interface g0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#interface g0/1
R1(config-if)#ip address 192.168.0.1 255.255.255.0
R1(config-if)#no shut

Router2

R2>enable
R2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#interface g0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.252
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#ip route 192.168.0.0 255.255.255.0  192.168.1.1 

Note: I configured a static route to the 192.168.0.0 network on router 2. We have a separate post on static route configuration.

Then assign an IP address to the interface of the Syslog server.

[Figure: assigning an IP address to the server]

Also, assign an IP address to PC0 as labeled in the network topology.

Step 2: Enable Syslog logging service on the server

Although Syslog is enabled by default on the server, you need to verify that it is enabled. If it is not enabled, then turn it on.

Go to Services>SYSLOG

[Figure: enabling the syslog service on the server]

Step 3: Configure the routers to log syslog messages to the server

Our goal is to log syslog messages from the two routers in the network to the syslog server. Enter the following commands on each of the routers so that they start logging their syslog messages to the server:

Router1

R1>enable
R1#configure terminal
R1(config)#logging host 192.168.0.5
R1(config)#logging trap debugging

Router2

R2>enable
R2#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#logging host 192.168.0.5
R2(config)#logging trap debugging

The command “logging host 192.168.0.5” specifies the IP address of the server to which the router will log its syslog messages.

The command “logging trap debugging” specifies the logging level. Debugging is at level 7 of the Syslog severity levels.

Step 4: View the syslog messages on the server

Before viewing the logs on the syslog server, we need to generate some syslog messages on each of the routers.

I have entered the following commands on the routers to generate some log messages:

Router1

R1(config-if)#shut
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

Router2

R2(config-if)#shut

R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
R2(config-if)#no shut
R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up

Now, the above syslog messages seen on the command line are also recorded on the server, as shown below.

[Figure: viewing the syslog messages on the server]
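The digit in each message above (the 5 in %LINK-5-CHANGED) is its severity, and it is what "logging trap" filters on. The following Python sketch is an added example, not part of the original post or of Packet Tracer: it parses the messages from Step 4, checks which trap levels would forward them, and picks out administrative shutdowns. The function names and the sample list are assumptions made for illustration.

```python
import re

# Keywords accepted by "logging trap", indexed by numeric severity (0-7).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Cisco IOS message body: %FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-"
                    r"(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)")

def parse(line):
    """Return the message fields as a dict, or None for non-syslog lines."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    rec["level_name"] = SEVERITY[rec["severity"]]
    return rec

def forwarded(rec, trap="debugging"):
    """True if 'logging trap <trap>' would send this message to the server.
    A trap level covers that severity and every more severe (lower) number."""
    return rec["severity"] <= SEVERITY.index(trap)

def admin_shutdowns(entries):
    """Return (router, interface) for each 'administratively down' event."""
    hits = []
    for router, line in entries:
        rec = parse(line)
        if rec and rec["facility"] == "LINK" and "administratively down" in rec["text"]:
            iface = re.search(r"Interface ([^,]+),", rec["text"])
            hits.append((router, iface.group(1) if iface else "unknown"))
    return hits

# Constructed sample: message text copied from the router output in Step 4,
# paired with the router whose console showed it.
SAMPLE = [
    ("R1", "%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down"),
    ("R1", "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down"),
    ("R2", "%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down"),
    ("R2", "%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up"),
    ("R2", "R2(config-if)#no shut"),  # prompt echo, not a syslog message
]

if __name__ == "__main__":
    for router, line in SAMPLE:
        rec = parse(line)
        if rec:
            print(router, rec["facility"], rec["level_name"], forwarded(rec, "warnings"))
    print(admin_shutdowns(SAMPLE))
```

With "logging trap debugging", as configured in Step 3, every severity is forwarded; a stricter level such as "warnings" would drop these severity 5 interface messages.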
