Device Logs

Network Device Logs

• Reviewing logs can help network professionals to better understand what, how and when something has occurred on a network.

• It also helps network professionals to determine whether the network device is working as expected or experiencing any issues.

Syslog

• Whenever an event, either major or minor, occurs on a Cisco device, a system message is generated containing details about the event, this is known as Syslog. 

• The Cisco IOS sends all Syslog Severity messages onto the Console for anyone who is currently logged-on to a Cisco device. 

• Syslog uses UDP port 514

• This is due to the default configuration, logging console in the global configuration mode.

• The logging monitor command is used to tell the Cisco IOS to send log messages to all logged users on the device.

• The terminal monitor command (priv exec) tells the Cisco IOS this terminal session would like to receive log messages.

• A Syslog message provides the following:

  • The ability to gather logging information for monitoring and troubleshooting

  • The ability to select the type of logging information that is captured

  • The ability to specify the destinations of captured syslog messages

  • Every syslog message contains a severity level and a facility.

Syslog Format

• Seq_no:timestamp: %facility-severity-MNEMONIC:description

  • Timestamp (enabled by default)

  • Facility

  • Severity

  • Mnemonic

  • Description

Syslog logging levels/severity levels

Windows Logs

1. On the Windows search bar, type "event viewer".

2. Expand Windows Logs folder.

3. Select the Application, Security, Setup, System, and Forwarded Events to view the different logs types.

Linux Logs

• Authorization logs - sudo cat -n /var/log/auth.log.1

• Kernel logs - sudo cat -n /var/log/kern.log

• System logs - sudo cat -n /var/log/syslog

• Audit logs - sudo cat -n /var/log/audit/audit.log