Syslog

Question 1

T/F: Syslog is a Cisco proprietary protocol for message logging

Answer 1

False

Syslog is an industry standard

Question 2

What are the basic fields of a syslog message

Answer 2

sequence:time stamp: %facilility-severity-MNEMONIC: description

Question 3

What is the sequence field of a syslog message for?

Answer 3

Indicated the order/sequence of the message

Question 4

What is the facility field of a syslog message for?

Answer 4

Value that indicates which process on the device generated the message

Question 5

What is the severity field of a syslog message for?

Answer 5

Indicating severity of the event. There are 8 severity levels.

Question 6

What is the mnemonic field of a syslog message for?

Answer 6

A short code for the message, indicating what happened in brief

Question 7

What is the description field of a syslog message for?

Answer 7

A more in depth description of the event being logged

Question 8

T/F: The higher the severity level, the more severe the message is

Answer 8

False

Severity 0 is the worst, severity 7 is debugging

Question 9

List the levels of syslog severity

Answer 9

0: Emergency (most severe)
1: Alert
2: Critical
3: Error
4: Warning
5: Notice (normal but significant), referred to as Notification in IOS
6: Informational
7: Debugging (least severe)

Question 10

Where can syslog messages be sent to?

Answer 10

1) Console Line: Displayed to CLI when connected to a device the console port
2) VTY Lines: Displayed in the CLI when connected to the device via Telnet/SSH. Disabled by default
3) Buffer: Syslog messages saved to RAM. All messages saved. Look at via sh logging
4) External Server: Can configure a device to send syslog messages to external server

Question 11

What is the protocol and port syslog servers listen for messages on

Answer 11

UDP 514

Question 12

T/F: By default, if logging monitor level is enabled, syslog messaged will be displayed when connected via Telnet or SSH

Answer 12

False

Even if logging monitor is enabled, syslog messages will not be displayed when connected via telnet or SSH

For messages to be displayed, use: R1# terminal monitor

This must be done every time you connect via telnet or ssh

Question 13

What is the command to prevent a syslog message from interrupting what you are trying to type

Answer 13

logging synchronous

Question 14

What is the command to enable timestamps on syslog messages

Answer 14

service timestamps log datetime-or-uptime

datetime is usually preferred

Question 15

What is the command to enable sequence numbers on syslog messages

Answer 15

service sequence-numbers

Question 16

T/F: Syslog is a good replacement for SNMP, you don’t need to have both

Answer 16

False

Both are used for monitoring and troubleshooting, but they are complementary with different functionalities. Both should be used together to facilitate a network

Question 17

List the Syslog severity levels in order, along with their keyword equivalent

Answer 17

0 - Emergencies
1 - Alerts
2 - Critical
3 - Errors
4 - Warnings
5 - Notifications
6 - Informational
7 - Debugging