Also known as: syslog server
Quick Definition
A standard protocol for sending log messages from network devices to a central logging server.
Syslog is the standard way Cisco devices send log messages about events, errors, and state changes. Messages are categorised by severity level: 0 (Emergency), 1 (Alert), 2 (Critical), 3 (Error), 4 (Warning), 5 (Notice), 6 (Informational), 7 (Debug). Syslog messages are sent over UDP port 514. Configuring a syslog server centralises logs for monitoring, troubleshooting, and audit purposes.
logging 10.0.0.50 ! syslog server IP logging trap warnings ! only send level 4 (Warning) and higher logging on show logging
Severity levels go from 0 (most severe) to 7 (least severe/debug). 'logging trap warnings' sends levels 0–4 (not just warnings). Lower number = more severe = fewer but more critical messages.
Syslog is the standard way Cisco devices send log messages about events, errors, and state changes. Messages are categorised by severity level: 0 (Emergency), 1 (Alert), 2 (Critical), 3 (Error), 4 (Warning), 5 (Notice), 6 (Informational), 7 (Debug). Syslog messages are sent over UDP port 514. Configuring a syslog server centralises logs for monitoring, troubleshooting, and audit purposes.
Severity levels go from 0 (most severe) to 7 (least severe/debug). 'logging trap warnings' sends levels 0–4 (not just warnings). Lower number = more severe = fewer but more critical messages.
Syslog falls under the Management domain of the 200-301 exam. Understanding it in context with related terms like ntp and snmp is essential for answering scenario-based questions correctly.