1
00:00:00,940 --> 00:00:04,030
So let's change the logging level, so logging

2
00:00:05,300 --> 00:00:07,670
and once again monitor

3
00:00:09,550 --> 00:00:16,540
and I'll set this to error messages, so errors. So show logging

4
00:00:19,060 --> 00:00:25,240
console is set to debugging, monitor is set to errors, show debug, 

5
00:00:26,740 --> 00:00:29,130
OSPF adjacency debugging is enabled

6
00:00:30,880 --> 00:00:34,780
Interface f0/0 shut the interface, 

7
00:00:36,230 --> 00:00:40,700
we have terminal monitor enabled on our telnet line, no shut.

8
00:00:42,620 --> 00:00:51,590
Once again, we see debugging on the console, but we see nothing on the VTY lines, and that's because

9
00:00:52,280 --> 00:01:01,160
the logging on the console is debugging or level 7 but the logging on the monitor lines is errors

10
00:01:02,420 --> 00:01:03,260
or level 3.

11
00:01:03,890 --> 00:01:06,710
It's worth knowing both the name

12
00:01:07,890 --> 00:01:11,400
and the number with regards to Syslog messages.

13
00:01:13,220 --> 00:01:19,580
Now it's possible to stop all logging to the local console if you like and all you would do is type

14
00:01:19,580 --> 00:01:27,200
no logging console. You could do something similar for other options, such as the monitor lines.

15
00:01:28,010 --> 00:01:36,680
So I noticed when I typed end nothing happened, control z or control zed, nothing happened, show debug

16
00:01:37,700 --> 00:01:41,480
OSPF debugging is enabled show logging

17
00:01:43,730 --> 00:01:52,670
console is disabled in this case, monitoring on the monitor is set to errors, I'll change that to

18
00:01:54,940 --> 00:01:55,660
level 7.

19
00:01:57,750 --> 00:02:01,470
So I've disabled logging on the console

20
00:02:02,650 --> 00:02:09,940
Notice I don't see output here but I see output on the VTY line.

21
00:02:11,009 --> 00:02:12,330
So just to show you that again

22
00:02:14,840 --> 00:02:23,360
hit enter a few times here, control z or control zed notice I see the output on the VTY line

23
00:02:24,450 --> 00:02:29,160
but I don't see the output on the console because I've disabled logging on the console.

24
00:02:30,290 --> 00:02:34,950
I'll shut the interface down on this router and then no shut it.

25
00:02:35,490 --> 00:02:42,860
I see the debugging on the VTY line but I see nothing on the console of the router.

26
00:02:46,100 --> 00:02:55,090
So let's enable that again, logging console debugging, logging monitor debugging, show log show

27
00:02:55,130 --> 00:03:02,360
logging console is set back to debugging and the monitor is set to debugging.

28
00:03:02,780 --> 00:03:05,800
However, in this example, the buffer is disabled.

29
00:03:06,050 --> 00:03:09,140
So let's look at enabling logging on the buffer.

30
00:03:10,490 --> 00:03:18,500
Now, in this example on router 1 show logging shows me that I have logging on the console and logging

31
00:03:18,500 --> 00:03:22,980
on the VTY line but I don't have logging enabled on the buffer.

32
00:03:23,480 --> 00:03:28,460
Now, it's very unlikely that you're going to connect to the console of all your routers and switches

33
00:03:28,790 --> 00:03:32,140
and view logging messages in real time.

34
00:03:32,630 --> 00:03:38,450
You may do that while troubleshooting an issue, but you probably don't want to spend your whole day

35
00:03:38,840 --> 00:03:41,000
looking at console messages.

36
00:03:41,270 --> 00:03:47,690
You would rather have that buffered somewhere or even better, stored in a central place which you can

37
00:03:47,690 --> 00:03:50,810
view offline or view at a later date.

38
00:03:51,260 --> 00:03:56,030
So let's look at buffer logging first and then we'll look at Syslog.

39
00:03:57,910 --> 00:04:04,480
So I'll set logging on the console to a low level 3 errors.

40
00:04:07,470 --> 00:04:13,950
I'll leave it at seven on the why, so that we can see the output, but then I'm going to say logging

41
00:04:14,460 --> 00:04:15,090
buffered

42
00:04:16,740 --> 00:04:20,279
and in this case I'll set it to 7 or debugging.

43
00:04:21,459 --> 00:04:22,270
So show log

44
00:04:24,150 --> 00:04:26,730
console is level 3 errors,

45
00:04:28,220 --> 00:04:35,660
monitor lines in other words, in our example, the VTY is set to debugging, and buffer is set to debugging.

46
00:04:36,990 --> 00:04:39,210
So if I type show log again

47
00:04:41,430 --> 00:04:49,590
I see a message in the buffer, I also see the size of the buffer so I can change that size by typing

48
00:04:49,590 --> 00:04:51,390
logging buffered

49
00:04:53,580 --> 00:04:58,470
and I can set the buffer level to a number and set it to this.

50
00:05:00,130 --> 00:05:01,870
So show log

51
00:05:03,970 --> 00:05:11,020
you can see the buffer size has changed, now that'll depend on the amount of space that you have available

52
00:05:11,170 --> 00:05:12,880
on your router or switch.

53
00:05:15,580 --> 00:05:20,260
So let's do the test again, shut the interface on router 2

54
00:05:21,160 --> 00:05:21,820
no shut it.

55
00:05:23,420 --> 00:05:32,690
I don't see any log messages on the console, I am seeing them on the VTY but if I type show log now

56
00:05:33,680 --> 00:05:40,070
and scroll down notice, I see my OSPF messages in the log

57
00:05:41,120 --> 00:05:43,390
these were not there previously.

58
00:05:44,300 --> 00:05:47,360
I could, as an example, do some filtering.

59
00:05:48,510 --> 00:05:52,770
So using cloud and let's look for the word BDR

60
00:05:54,510 --> 00:06:02,590
and that'll show me all my log messages in the buffer that include the keyword BDR.

61
00:06:03,000 --> 00:06:09,120
It's a lot better and a lot easier to search for specific messages using the buffer than it would be

62
00:06:09,120 --> 00:06:13,200
using the console or a monitor interface such as this.

63
00:06:14,730 --> 00:06:18,210
The problem with buffers is they are limited in size.

64
00:06:18,690 --> 00:06:22,610
You don't have gigs of buffer space available on your routers

65
00:06:22,980 --> 00:06:27,660
and the problem is if you have 100 routers, you're going to end up with 100 buffers.

66
00:06:28,050 --> 00:06:35,490
It makes a lot more sense to have a centralized Syslog server where you collect all the log messages

67
00:06:35,490 --> 00:06:39,110
and store in a single place allows for a lot better searching.

68
00:06:39,150 --> 00:06:43,590
You can use tools in Windows or Mac as an example to search for log messages.

69
00:06:43,970 --> 00:06:45,140
It can be archived.

70
00:06:45,510 --> 00:06:49,600
It's just a lot better to store your log messages on a Syslog server.

71
00:06:49,950 --> 00:06:57,240
So let's look at installing the solarwind Syslog server and capturing the Syslog messages.