Enabling Local Router Logging

Enabling Local Router Logging

Problem

You want your router to record log messages, instead of just displaying them on the console.

Solution

Use the logging buffered configuration command to enable the local storage of router log messages:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#logging buffered informational
Router(config)#end
Router#

Discussion

This feature causes the router to store all log messages to a revolving buffer called the logging buffer. Many network administrators find it convenient and useful to keep detailed router logs on the router itself. The router discards its oldest messages to make room for new ones. This ensures that the logging buffer contains the most recent messages without depleting the router's RAM. You can use the show logging command to view this buffer:

Router>show logging
Syslog logging: enabled (0 messages dropped, 0 messages rate-limited, 0 flushes, 0 overruns)
Console logging: level debugging, 653 messages logged
Monitor logging: level debugging, 65 messages logged
Buffer logging: level informational, 1 messages logged
Logging Exception size (4096 bytes)
Trap logging: level informational, 657 message lines logged

Log Buffer (4096 bytes):
Mar 26 09:02:25: %SEC-6-IPACCESSLOGS: list 99 denied 172.16.2.2 5 packets
Mar 26 09:04:56: %CLEAR-5-COUNTERS: Clear counter on all interfaces on vty1
Mar 26 09:05:13: %SYS-5-CONFIG_I: Configured from console by ijbrown on vty1
Router>

Note that the default severity logging level is set to debugging. You can adjust the severity level of the buffered log with the severity level keyword. In the example in the Solution section, we configured the router with the keyword informational. This will cause it to ignore debugging messages, but retain all other system log messages.

The log messages appear in order from oldest to most recent. By default, the show logging command displays all messages contained in the log buffer. However, you can display specific message types by using output modifiers:

Router>show log | include denied
Apr 7 21:16:12 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.25.1 19 packets
Apr 7 21:21:12 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.1.5 1 packet
Apr 7 21:26:12 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.25.1 19 packets
Apr 7 21:31:13 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.25.1 5 packets
Apr 7 21:33:13 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.1.5 16 packets
Apr 7 21:36:13 EDT: %SEC-6-IPACCESSLOGS: list 98 denied 172.25.25.1 5 packets
Router>

By using output modifiers, you can display a single type of message based on a regular expression, similar to the grep command in Unix.

We discussed the importance of accurate time keeping and log time stamping in Chapter 14, where we highly recommended enabling log time stamps to help make the log messages more meaningful.

To disable the router's logging buffer, use the following command:

Router#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no logging buffered
Router(config)#end
Router#

See Also