Syslog is an industry-standard protocol used to log messages about events that occur within a network device.
On a network device such as a router or switch, syslog can display messages about the device, such as an interface going down or a change in a router's OSPF neighbor status with another router.
Logs are essential for troubleshooting issues in the network. They record the events that occur within a network device, and this information helps to determine what is wrong with it.
In addition to Syslog, another network monitoring protocol that complements Syslog is SNMP. We will cover SNMP in another post.
By default, syslog messages are displayed on the command line of the network device and also stored in a buffer in the device’s RAM. However, we can also have the syslog messages stored and displayed on a server.
Storing syslog messages on a server improves network management as one syslog server can be used to monitor a number of network devices (routers or switches, for example).
In this post, I will show you how to configure a syslog server in Packet Tracer.
Related Post
- How to Configure NTP Server in Packet Tracer
- How to Configure a Web Server in Packet Tracer
- How to Configure TFTP Server In Packet Tracer
- How To Configure FTP Server in Cisco Packet tracer
- How To Configure Email Server in Cisco Packet Tracer
- How to Configure DNS Server On Cisco Packet Tracer
Network topology
The network topology we will be making use of in this post is shown below. As you can see, it consists of two routers, a switch, a PC and a Syslog server. In this demonstration, we will enable the syslog logging service on the syslog server and then configure router1 and router2 to log their syslog messages to the syslog server.
How to Configure Syslog Server in Packet Tracer
Here are the steps to configure a Syslog server in Packet Tracer:
Step 1: Configure the interface IP addresses.
Enter the following commands on the routers to assign IP addresses to their interfaces.
Router1
R1>enable
R1#configure terminal
R1(config)#interface g0/0
R1(config-if)#ip address 192.168.1.1 255.255.255.252
R1(config-if)#no shut
R1(config-if)#interface g0/1
R1(config-if)#ip address 192.168.0.1 255.255.255.0
R1(config-if)#no shut
Router2
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#interface g0/0
R2(config-if)#ip address 192.168.1.2 255.255.255.252
R2(config-if)#no shut
R2(config-if)#exit
R2(config)#ip route 192.168.0.0 255.255.255.0 192.168.1.1
Note: I configured a static route to the 192.168.0.0 network on router 2. We have a separate post on static route configuration.
Then assign an IP address to the interface of the Syslog server.
Also, assign an IP address to PC0 as labeled in the network topology.
Step 2: Enable Syslog logging service on the server
Although Syslog is enabled by default on the server, you need to verify that it is enabled. If it is not enabled, then turn it on.
Go to Services>SYSLOG
Step 3: Configure the routers to log syslog messages to the server
Our goal is to log syslog messages from the two routers in the network to the syslog server. Enter the following commands on each of the routers so that they start logging their syslog messages to the server.
Router1
R1>enable
R1#configure terminal
R1(config)#logging host 192.168.0.5
R1(config)#logging trap debugging
Router2
R2>enable
R2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#logging host 192.168.0.5
R2(config)#logging trap debugging
The command “logging host 192.168.0.5” specifies the IP address of the server to which the router will log its syslog messages.
The command “logging trap debugging” specifies the logging level. Debugging is level 7 of the Syslog severity levels, the least severe, so the router sends messages of every severity (0 through 7) to the server.
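The effect of the trap level on what reaches the server, as an added example that is not part of the original post: the Python sketch below parses the %FACILITY-SEVERITY-MNEMONIC messages that the routers print in Step 4 and applies the rule that a message is forwarded when its severity number is at or below the configured level. The function names and the sample list are constructed for illustration.

```python
import re

# Keywords accepted by "logging trap", indexed by severity number (0 = most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# Cisco IOS message body: %FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)"
)

def parse(line):
    """Return the fields of one IOS log line, or None if the line is not a log message."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["severity"] = int(rec["severity"])
    return rec

def forwarded(lines, trap="debugging"):
    """Keep the messages a router configured with 'logging trap <trap>' would send.

    A message is sent when its severity number is <= the trap level
    (a lower number means a more severe event).
    """
    limit = SEVERITIES.index(trap)
    kept = []
    for line in lines:
        rec = parse(line)
        if rec is not None and rec["severity"] <= limit:
            kept.append(rec)
    return kept

# Constructed sample: console lines as shown in Step 4, including prompts as noise.
SAMPLE = [
    "R1(config-if)#shut",
    "%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down",
    "R1(config-if)#no shut",
    "%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up",
]

if __name__ == "__main__":
    for level in ("debugging", "notifications", "warnings"):
        kept = forwarded(SAMPLE, level)
        print(f"logging trap {level}: {len(kept)} of 4 messages reach the server")
```

With the trap level at warnings (4), none of these severity-5 interface events would be sent, which is why a server that looks quiet should be checked against the trap level configured on each router.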
Step 4: View the syslog messages on the server
Before going to view the logs on the syslog server, we need to generate some syslog messages on each of the routers.
I have entered the following commands on the routers to generate some log messages:
Router1
R1(config-if)#shut
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
R1(config-if)#no shut
R1(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
Router2
R2(config-if)#shut
R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
R2(config-if)#no shut
R2(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
Now, the above syslog messages seen on the command line are also recorded on the server, as shown below.
I am a passionate Networking Associate specializing in Telecommunications.
With a degree in Electronic engineering, I possess a strong understanding of electronic systems and the intricacies of telecommunications networks. I gained practical experience and valuable insights working for a prominent telecommunications company.
Additionally, I hold certifications in networking, which have solidified my expertise in network architecture, protocols, and optimization.
Through my writing skills, I aim to provide accurate and valuable knowledge in the networking field.