1
00:00:00,960 --> 00:00:06,990
Knowing how to troubleshoot networks is a really important skill for any network engineer and knowing

2
00:00:06,990 --> 00:00:14,020
how to properly use logging on Cisco routers and switches is a core requirement to help you troubleshoot.

3
00:00:14,580 --> 00:00:21,450
It's vital that you know how to use logging directly on a Cisco device as well as using a syslog server

4
00:00:21,600 --> 00:00:23,520
when you need to troubleshoot networks.

5
00:00:23,970 --> 00:00:27,480
Now, Cisco offers many options with regards to logging.

6
00:00:27,870 --> 00:00:34,620
You can log directly to the console of a router, you can log to a buffer, you can log to a syslog

7
00:00:34,620 --> 00:00:37,860
server, as well as additional logging options.

8
00:00:39,640 --> 00:00:44,860
In these videos, I'm going to show you how to log to the console and use various options with regards

9
00:00:44,860 --> 00:00:52,360
to logging, including logging levels, we look at logging to the buffer as well as logging to a syslog

10
00:00:52,360 --> 00:00:53,120
server.

11
00:00:53,590 --> 00:00:54,750
So let's get started.

12
00:00:56,190 --> 00:01:01,830
In this example, I've got a simple network of two routers, router 1, and router 2 connected via their

13
00:01:01,830 --> 00:01:03,300
FastEthernet interface.

14
00:01:04,349 --> 00:01:11,550
On router 1, if I go into the FastEthernet interface and no shut it, notice the output that's displayed

15
00:01:11,700 --> 00:01:21,840
on the console, link and then a number, in this case 3, up down, interface FastEthernet 0/0

16
00:01:22,230 --> 00:01:24,330
has changed state to up,

17
00:01:25,340 --> 00:01:32,660
and then we get another message, a line protocol number 5, in this case, up down line protocol

18
00:01:32,660 --> 00:01:35,150
in the interface has changed to up.

19
00:01:36,360 --> 00:01:43,890
There's also a date and time stamp on the message, so these are logging messages displayed on the console

20
00:01:43,890 --> 00:01:49,200
of the router and this number indicates a syslog level.

21
00:01:50,130 --> 00:01:59,490
You can read more about the syslog protocol in RFC 5424 and I won't bore you going through the entire

22
00:01:59,490 --> 00:02:05,160
RFC, but if you want to know the details of logging messages and the syslog protocol

23
00:02:06,650 --> 00:02:13,460
this is a good place to start. I'll just point out a few things, certain types of functions are performed,

24
00:02:14,300 --> 00:02:19,640
we have the originator, which generates syslog content to be carried in a message.

25
00:02:20,270 --> 00:02:26,750
So in our example, a router is generating a syslog message and then we might have a collector that gathers

26
00:02:26,750 --> 00:02:31,170
syslog content for further analysis. In a later video

27
00:02:31,190 --> 00:02:38,060
I'm going to show you how to configure a SolarWinds syslog server as a collector capturing multiple

28
00:02:38,060 --> 00:02:40,590
syslog messages to a central server

29
00:02:41,300 --> 00:02:45,080
but for now, let's start with some of the basic principles of syslog

30
00:02:45,890 --> 00:02:51,040
and to do that, we need to look at the priority of each source syslog message.

31
00:02:51,650 --> 00:02:59,900
So in the RFC we have numerical codes, 0 to 7 with the severity description.

32
00:03:00,590 --> 00:03:07,700
When you configure logging on a router as an example, you can configure the severity either by the number

33
00:03:07,970 --> 00:03:09,110
or by the name.

34
00:03:10,070 --> 00:03:13,610
So on our Cisco router at the moment, if I type show logging.

35
00:03:15,590 --> 00:03:22,580
Notice when I typed end, a syslog message was shown with a level of 5, and when I typed show logging,

36
00:03:22,910 --> 00:03:27,950
it shows me as an example that the console logging is set to level debugging.

37
00:03:28,960 --> 00:03:33,520
I can configure the logging level by typing logging

38
00:03:36,930 --> 00:03:43,680
and there are multiple options, but in this example, I'll configure logging console, use question

39
00:03:43,680 --> 00:03:52,290
mark and notice I can specify a logging severity level using a number or I could specify a word.

40
00:03:52,890 --> 00:03:54,120
So either debugging

41
00:03:55,800 --> 00:03:57,510
or using the number 7.

42
00:03:58,570 --> 00:04:04,840
So let's start with the highest number, 7 is debugging which allows you to view debugging messages,

43
00:04:05,410 --> 00:04:07,330
6 is informational messages

44
00:04:07,540 --> 00:04:10,630
this would be something like an access list violation,

45
00:04:11,140 --> 00:04:15,130
5 is notices, normal but significant conditions.

46
00:04:16,160 --> 00:04:23,540
An example would be line protocol down, so interface f0/0 if I shut the interface.

47
00:04:24,840 --> 00:04:28,380
Notice, 5 line protocol is down,

48
00:04:29,410 --> 00:04:37,810
4 is warning conditions, so an example would be a configuration file is written to a server via

49
00:04:37,840 --> 00:04:39,250
an SNMP request,

50
00:04:40,220 --> 00:04:41,240
3 is errors

51
00:04:41,660 --> 00:04:42,900
this is an error condition.

52
00:04:43,370 --> 00:04:45,950
An example would be interface up-down messages.

53
00:04:47,270 --> 00:04:54,980
2 is critical conditions that might be something like memory allocation failures, 1 is an alert

54
00:04:55,310 --> 00:04:57,100
action must be taken immediately.

55
00:04:57,650 --> 00:05:04,120
That might be something like temperature limit has been exceeded and emergency is the system is unstable.

56
00:05:04,640 --> 00:05:11,900
So an example would be that the system is shutting down due to a missing fan tray on a switch as an

57
00:05:11,900 --> 00:05:12,470
example.

58
00:05:12,950 --> 00:05:22,250
So the numerical numbers are specified in this RFC 5424 and are specified in lots of places on the

59
00:05:22,250 --> 00:05:23,220
Cisco website.

60
00:05:24,080 --> 00:05:28,070
So here is an example, on the Cisco website.

61
00:05:29,960 --> 00:05:35,420
Talking about the error message keywords and corresponding UNIX Syslog definitions.

62
00:05:36,320 --> 00:05:41,590
So once again, notifications is 5 normal but significant conditions.

63
00:05:42,140 --> 00:05:48,020
So let's have a look at another example showing you the differences in output on the console of a router

64
00:05:48,320 --> 00:05:50,450
depending on the debugging that you set.

65
00:05:51,530 --> 00:05:59,990
An important note to make is that if you enable a higher level, such as 7, all other levels are

66
00:05:59,990 --> 00:06:00,590
enabled.

67
00:06:01,220 --> 00:06:07,990
If you enable a level such as 5, that means levels 0, 1, 2, 3, 4, and 5 are

68
00:06:08,000 --> 00:06:08,650
enabled.

69
00:06:09,080 --> 00:06:16,280
So whenever you specify a level, that level and all lower levels are enabled on the router.