Event logging for routers and switches reveal a great deal about the operating conditions of the device along with valuable time-stamp information to help troubleshoot problems or chains of events that take place.
Cisco routers and switches do not log events in NVRAM (nonvolatile memory). They can be configured to do so using the logging buffered command, with an additional argument to specify the size of the log buffer.
Syslog, described in RFC 5424, is a lightweight event-notification protocol that provides a middle ground between manually monitoring event logs and a full-blown SNMP implementation. It provides a real-time event notification by sending messages that enter the event log to a Syslog server that you specify. Syslog uses UDP port 514 by default.
Steps to configure basic Syslog operation:
Step 1. Install a Syslog server on a workstation with a fixed IP Address.
Step 2. Configure the logging process to send events to the Syslog server’s IP address using the logging host command.
Step 3. Configure any options, such as which severity levels (0-7) you want to send to the Syslog server using the logging trap command.