Chapter 18. Logging
Many network administrators overlook the importance of router logs. Logging is critical for fault notification, network forensics, and security auditing.
Cisco routers handle log messages in five ways:
By default, the router sends all log messages to its console port. Only users that are physically connected to the router console port may view these messages. This is called console logging.
Terminal logging is similar to console logging, but it displays log messages to the router’s VTY lines. This type of logging is not enabled by default; if you want to use it, you need to need activate it for each required line.
Buffered logging creates a circular buffer within the router’s RAM for storing log messages. This circular buffer has a fixed size to ensure that the log will not deplete valuable system memory. The router saves memory by deleting old messages from the buffer as new messages are added.
The router can use syslog to forward log messages to external syslog servers for centralized storage. This type of logging is not enabled by default. Much of this chapter is devoted to configuring remote syslog features. The router sends syslog messages to the server on UDP port 514. The server does not acknowledge these messages.
With SNMP trap logging, the router is able to use SNMP traps to send log messages to an external SNMP server. This is an effective method of handling log messages in a SNMP-based environment, but it has certain limitations. We discuss ...