1
00:00:01,100 --> 00:00:06,300
Knowing how to troubleshoot networks is a really important skill for any network engineer.

2
00:00:06,560 --> 00:00:13,340
And knowing how to properly use logging on Cisco routers and switches is a cool requirement to help

3
00:00:13,340 --> 00:00:14,680
you troubleshoot.

4
00:00:14,690 --> 00:00:21,470
It's vital that you know how to use logging directly on a Cisco device as well as using a slug server

5
00:00:21,740 --> 00:00:24,100
when you need to troubleshoot networks.

6
00:00:24,110 --> 00:00:27,990
Now Cisco offers many options with regards to logging.

7
00:00:28,010 --> 00:00:31,360
You can log directly to the consul of Urara.

8
00:00:31,460 --> 00:00:40,090
You can log to a buffer you can look to assist log server as well as additional logging options in these

9
00:00:40,090 --> 00:00:46,180
videos I'm going to show you how to log to the console and use various options with regard to logging

10
00:00:46,450 --> 00:00:53,740
including logging levels look at logging to the buffer as well as logging to ISIS logs server.

11
00:00:53,740 --> 00:01:01,350
So let's get started in this example of a simple network of two rods Rato one in rodded two connected

12
00:01:01,350 --> 00:01:02,290
via They first.

13
00:01:02,310 --> 00:01:09,560
Ethan etting to face on Route 1 if I go to the first Ethan interface and no shut it.

14
00:01:09,640 --> 00:01:16,120
Notice the output that's displayed on the console link and then a number.

15
00:01:16,120 --> 00:01:26,240
In this case three up down interface first Ethan it is 0 0 has changed state to up and then we get another

16
00:01:26,240 --> 00:01:34,930
message or line protocol number five in this case up down line protocol and interface has changed to

17
00:01:34,940 --> 00:01:36,440
up.

18
00:01:36,460 --> 00:01:40,510
There's also a date and time stamp on the message.

19
00:01:40,510 --> 00:01:45,130
So these are logging messages displayed on the console of the router.

20
00:01:45,400 --> 00:01:50,230
And this number indicates service log level.

21
00:01:50,290 --> 00:01:57,390
You can read more about the log protocol in RAFC 5:44.

22
00:01:57,720 --> 00:02:03,400
And I won't bore you going through the entire RAFC But if you want to know the details of logging messages

23
00:02:03,520 --> 00:02:08,930
and the slow protocol this is a good place to start.

24
00:02:09,060 --> 00:02:11,310
I'll just point out a few things.

25
00:02:11,310 --> 00:02:14,370
Certain types of functions are performed.

26
00:02:14,460 --> 00:02:20,360
We have the originator which generates Suslov content to be carried in a message.

27
00:02:20,370 --> 00:02:26,810
So for example a router is generating this log message and then we might have a collector that gathers

28
00:02:26,810 --> 00:02:31,270
this log content for further analysis in a later video.

29
00:02:31,350 --> 00:02:34,940
I'm going to show you how to configure a solar Wiens says log server.

30
00:02:35,190 --> 00:02:40,960
As a collector capturing multiple syslog messages to a central server.

31
00:02:41,400 --> 00:02:45,480
But for now let's start with some of the basic principles of this log.

32
00:02:46,080 --> 00:02:50,000
And to do that we need to look at the priority of each.

33
00:02:50,000 --> 00:02:51,400
So SLOC message.

34
00:02:51,610 --> 00:03:00,720
So in the RAFC we have numerical codes 0 to 7 with the severity description.

35
00:03:00,720 --> 00:03:07,740
When you configure logging on a route as an example you can configure the severity either by the number

36
00:03:08,070 --> 00:03:17,830
or by the name so on all Cecka right at the moment if I type show logging noticed when I typed and a

37
00:03:18,240 --> 00:03:25,200
message was shown with a level of 5 and when I typed showed logging it shows me as an example that the

38
00:03:25,200 --> 00:03:28,950
console logging is set to level debugging.

39
00:03:29,100 --> 00:03:33,620
I can configure the logging level by typing logging

40
00:03:37,130 --> 00:03:44,180
and there are multiple options but in this example I'll configure logging Konsole use question mark

41
00:03:44,630 --> 00:03:52,930
and notice I can specify a logging severity level using a number or I could specify a word.

42
00:03:53,030 --> 00:03:58,670
So either debugging or using the number 7.

43
00:03:58,690 --> 00:04:04,900
So let's start with the highest number seven is debugging which allows you to view debugging messages

44
00:04:05,540 --> 00:04:07,650
Six's informational messages.

45
00:04:07,660 --> 00:04:15,210
This would be something like an access list of violation five notices normal but significant conditions

46
00:04:16,340 --> 00:04:19,020
and example would be line protocol down.

47
00:04:19,250 --> 00:04:21,970
So interface if Cirrus fleshes 0.

48
00:04:22,100 --> 00:04:28,610
If I shut to the interface notice five line protocol is down.

49
00:04:29,470 --> 00:04:31,970
For these warning conditions.

50
00:04:32,100 --> 00:04:41,750
So an example would be a configuration file is written to a server via an S&amp;P request Shreeves errors.

51
00:04:41,760 --> 00:04:43,540
This is an error condition.

52
00:04:43,560 --> 00:04:51,550
An example would be interface updown messages to these critical conditions that might be something like

53
00:04:51,880 --> 00:04:53,810
memory allocation failures.

54
00:04:54,040 --> 00:04:57,680
One is an alert action must be taken immediately.

55
00:04:57,760 --> 00:05:04,480
That might be something like temperature limit has been exceeded and emergencies the system is unstable.

56
00:05:04,750 --> 00:05:11,950
So an example would be that the system is shutting down due to a missing fan tray on a switch is an

57
00:05:11,950 --> 00:05:13,070
example.

58
00:05:13,090 --> 00:05:22,330
So the numerical numbers are specified in this RAFC 5:44 and are specified in lots of places on the

59
00:05:22,330 --> 00:05:24,190
Cisco Web site.

60
00:05:24,190 --> 00:05:26,040
So here is an example.

61
00:05:26,900 --> 00:05:36,440
On the Cisco Web site talking about the error message keywords and corresponding Unix s'est log definitions.

62
00:05:36,440 --> 00:05:42,230
So once again notifications is five normal but significant conditions.

63
00:05:42,230 --> 00:05:48,140
So let's have a look at another example showing you the differences in output on the console of a router

64
00:05:48,440 --> 00:05:56,640
depending on the debugging that you set an important note to make is that if you enable a higher level

65
00:05:56,790 --> 00:06:06,660
such as 7 all other levels are enabled if you enable a level such as five that means levels 0 1 2 3

66
00:06:06,660 --> 00:06:08,960
4 and 5 are enabled.

67
00:06:09,210 --> 00:06:16,320
So whenever you specify a level that level and all lower levels are enabled on the router.