-
Cisco IOS Network Management Command Reference
-
Introduction
-
absolute through action snmp-trap
-
action string compare through buffers tune automatic
-
calendar set through clock update-calendar
-
cns aaa authentication through discover (cns)
-
emm through event manager scheduler script
-
event manager scheduler suspend through hw-module logging onboard (Cat 6K)
-
idle-timeout (WSMA) through ip director server weights
-
ip dns server through kron policy-list
-
line-cli through logging userinfo
-
major rising through ntp update-calendar
-
object id (action notification) through rmon queuesize
-
sample (expression) through show ethernet oam status
-
show event manager detector through show event manager session cli username
-
show facility-alarm through show ntp status
-
show odm-format through show rmon topn
-
show snmp through snmp mib event sample
-
snmp mib event trigger owner through snmp-server enable informs
-
snmp-server enable traps through snmp-server enable traps ospf cisco-specific retransmit
-
snmp-server enable traps ospf cisco-specific state-change through snmp-server enable traps voice poor-qov
-
snmp-server engineID local through snmp trap link-status
-
sntp broadcast client through xsm vdm
-
Feedback
Table Of Contents
line-cli
Note
Effective with Cisco IOS Releases 12.3(8)T and 12.3(9), the line-cli command is replaced by the cli (cns) command. See the cli (cns) command for more information.
To connect to the Cisco Networking Services (CNS) configuration engine using a modem dialup line, use the line-cli command in CNS Connect-interface configuration mode.
line-cli {modem-cmd | line-config-cmd}
Syntax Description
Command Default
No command lines are specified to configure modem lines.
Command Modes
CNS Connect-interface configuration
Command History
Usage Guidelines
Use this command to connect to the CNS configuration engine using a modem dialout line. The bootstrap configuration on the router finds the connecting interface, regardless of the slot in which the card resides or the modem dialout line for the connection, by trying different candidate interfaces or lines until it successfully pings the registrar.
Enter this command to enter CNS Connect-interface configuration (config-cns-conn-if) mode. Then use one of the following bootstrap-configuration commands to connect to the registrar for initial configuration:
•
•
The config-cli command accepts the special directive character "&," which acts as a placeholder for the interface name. When the configuration is applied, the & is replaced with the interface name. Thus, for example, if we are able to connect using FastEthernet0/0, the following is the case:
•
•
Examples
The following example enters CNS Connect-interface configuration mode, connects to a configuration engine using an asynchronous interface, and issues a number of commands:
Router(config)# cns config connect-intf AsyncRouter(config-cns-conn-if)# config-cli encapsulation pppRouter(config-cns-conn-if)# config-cli ip unnumbered FastEthernet0/0Router(config-cns-conn-if)# config-cli dialer rotart-group 0Router(config-cns-conn-if)# line-cli modem InOutRouter(config-cns-conn-if)# line-cli...<other line commands>...Router(config-cns-conn-if)# exitThese commands apply the following configuration:
line 65modem InOut...interface Async65encapsulation pppdialer in-banddialer rotary-group 0Related Commands
link monitor
To globally enable link monitoring or to set the minor monitoring intervals for a major monitoring interval, use the link monitor command in global configuration mode. To disable the link monitoring function, use the no form of this command.
link monitor {parameters | samples num-samples}
no link monitor {parameters | samples}
Syntax Description
Command Default
Link monitoring is enabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Parameters must be configured at the interface level before monitoring can start. When monitoring is enabled globally, all previously configured parameters will be monitored. If monitoring is disabled globally, parameter configurations are not lost.
A major monitoring interval is divided into minor intervals, which are the time periods between link monitoring events. The value of the num-samples argument is the number of minor intervals (the number of times parameters are sampled within the major interval).
This command changes the sample rate globally. When the sample rate is changed, the minor interval value currently configured is discarded. The new minor interval time takes effect after the current minor interval ends.
Examples
The following example shows how to configure a minor monitoring interval of 25:
Router(config)# link monitor samples 25The following example shows how to configure monitoring globally for all parameters:
Router(config)# link monitor parameterslink monitor (interface)
To configure parameters on an interface and set the error count limits and monitoring intervals, use the link monitor command in interface configuration mode. To disable monitoring, use the no form of this command.
link monitor parameter-name [interval interval] [threshold [high high-threshold]
[low low-threshold]no link monitor [parameter-name]
Syntax Description
Command Default
Link monitoring is disabled when parameters are not configured.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
Parameters must be configured at the interface level before monitoring can start. When monitoring is enabled globally, all previously configured parameters will be monitored. If monitoring is disabled globally, parameter configurations are not lost. By default, monitoring is enabled globally.
This command is used to set high and low thresholds and major monitoring intervals for a link. You have the option of either resetting the values to their defaults or keeping them as the previously set values if the previously set values are not the default and if you do not enter the value while you are changing other parameters.
If the high threshold is exceeded, a high-severity trap is sent, and if the restart mechanism is enabled, the link is administratively shut down. If the low threshold is exceeded, a low-severity trap is sent. The high threshold should not be less than the low threshold.
The interval, high threshold, and low threshold values should be configured together; otherwise, the default is used for the values that are not explicitly configured.
X.25 parameters can be configured for monitoring only if X.25 is configured on the interface. X25 cannot be configured on ATM port adaptors. When X.25 encapsulation is disabled, the timers for the configured X.25 parameters continue to run, but the parameter values are not monitored. You must explicitly disable monitoring for an X.25 parameter to completely stop monitoring (which includes stopping the timers).
Examples
The following example shows how to configure an interval and thresholds for runts:
Router(config)# interface ethernet 1/1Router(config-if)# link monitor runts interval 15 threshold high 100 low 25link restart
To set a number of restart attempts and a restart delay for a link, use the link restart command in interface configuration mode. To disable the link restart function, use the no form of this command.
link restart [attempts attempts] [delay delay]
no link restart
Syntax Description
Command Default
Restart attempts and delays are not configured.
Command Modes
Interface configuration (config-if)
Command History
Usage Guidelines
The number of restart attempts is the maximum number of consecutive failed restart attempts allowed. The link is shut down if the high threshold has been reached or exceeded and if the restart mechanism is enabled. After a configurable restart delay, another attempt is made to restart the link. If all consecutive restart attempts fail, the link is shut down permanently and no more restart attempts are made.
If the number of restart attempts is set to zero (0), no attempt is made to restart the link after it has been shut down. The link has to be brought up again if parameter monitoring on the link needs to resume. Preset values are as follows:
•
•
•
The restart delay is the amount of time that software waits before it attempts to restart a link that was administratively shut down. Preset values are as follows:
•
•
•
If either the attempts or the delay argument is not explicitly configured, you will be prompted to reset the value to the default for that argument or to keep it as the previously set value. For this reset to occur, however, the previously set value must not be the default and you cannot set the value while you change other parameters.
If the attempts argument is configured as zero (0), the link will be shut down permanently the first time the high threshold is reached or crossed.
A link must be brought up by configuring the no shutdown command if link monitoring needs to be resumed and the link was brought down permanently by the restart function.
If the link has been brought down by the link monitoring feature and you enter the shutdown or no link restart commands before a restart attempt is made, the restart attempt will not be made and the link will remain down.
Examples
The following example shows how to set the number of restart attempts to 10 and the restart delay to 60:
Router(config)# interface ethernet 1/1Router(config-if)# link restart attempts 10 delay 60logging alarm
To enable the system to send alarm messages to logging devices and to configure the alarm severity threshold, use the logging alarm command in global configuration mode. To prevent the system from sending alarm messages to a logging device, use the no form of this command.
logging alarm [severity]
no logging alarm [severity]
Syntax Description
Command Default
Alarm messages are not sent to a logging device.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
All alarms at and above the specified threshold generate alarm messages. If alarm severity is not specified, alarm messages for all alarm severity levels are sent to logging devices.
Examples
The following example sends messages only about critical alarms to logging devices:
Router(config)# logging alarm 1The following example sends messages about major and critical alarms to logging devices:
Router(config)# logging alarm majorRelated Commands
logging buffered
To enable system message logging to a local buffer, use the logging buffered command in global configuration mode. To cancel the use of the buffer, use the no form of this command. To return the buffer size to its default value, use the default form of this command.
logging buffered [discriminator discr-name] [buffer-size] [severity-level]
no logging buffered
default logging buffered
Syntax Description
Command Default
Varies by platform. For most platforms, logging to the buffer is disabled by default.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
This command copies logging messages to an internal buffer. The buffer is circular in nature, so newer messages overwrite older messages after the buffer is filled.
Specifying a severity-level causes messages at that level and numerically lower levels to be logged in an internal buffer.
The optional discriminator keyword and discr-name argument provide another layer of filtering that you can use to control the type and number of syslog messages that you want to receive.
When you resize the logging buffer, the existing buffer is freed and a new buffer is allocated. To prevent the router from running out of memory, do not make the buffer size too large. You can use the show memory EXEC command to view the free processor memory on the router; however, the memory value shown is the maximum available and should not be approached. The default logging buffered command resets the buffer size to the default for the platform.
To display messages that are logged in the buffer, use the show logging command. The first message displayed is the oldest message in the buffer.
The show logging command displays the addresses and levels associated with the current logging setup and other logging statistics.
Table 27 shows a list of levels and corresponding syslog definitions.
Examples
The following example shows how to enable standard system logging to the local syslog buffer:
Router(config)# logging bufferedThe following example shows how to use a message discriminator named buffer1 to filter critical messages, meaning that messages at levels 0, 1, and 2 are filtered:
Router(config)# logging buffered discriminator buffer1 criticalRelated Commands
logging buffered filtered
To enable Embedded Syslog Manager (ESM) filtered system message logging to the standard syslog buffer, use the logging buffered filtered command in global configuration mode. To disable all logging to the buffer and return the size of the buffer to the default, use the no form of this command.
logging buffered filtered [severity-level]
no logging buffered filtered
Syntax Description
Command Default
Logging to the buffer is enabled.
ESM filtering of system logging messages sent to the buffer is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
If standard logging has been disabled on your system (using the no logging on command), standard logging must be reenabled using the logging on command before using the logging buffered filtered command.
Standard logging is enabled by default, but filtering by the ESM is disabled by default.
ESM uses syslog filter modules, which are Tool Command Language (Tcl) script files stored locally or on a remote device. The syslog filter modules must be configured using the logging filter command before filtered output can be sent to the buffer.
When ESM filtering is enabled, all messages sent to the buffer have the configured syslog filter modules applied. To return to standard logging to the buffer, use the plain form of the logging buffered command (without the filtered keyword). To disabled all logging to the buffer, use the no logging buffered command, with or without the filtered keyword.
The buffer is circular, so newer messages overwrite older messages as the buffer is filled. To change the size of the buffer, use the logging buffered buffer-size command, then issue the logging buffered filtered command to start (or restart) filtered logging.
To display the messages that are logged in the buffer, use the show logging command in EXEC mode. The first message displayed is the oldest message in the buffer.
Examples
The following example shows how to enable ESM filtered logging to the buffer:
Router(config)# logging filter tftp://209.165.200.225/ESM/escalate.tclRouter(config)# logging filter slot0:/email.tcl user@example.comRouter(config)# logging buffer filteredRelated Commands
logging buffered xml
To enable system message logging (syslog) and send XML-formatted logging messages to the XML-specific system buffer, use the logging buffered xml command in global configuration mode. To disable the XML syslog buffer and return the size of the buffer to the default, use the no form of this command.
logging buffered xml [xml-buffer-size]
no logging buffered xml [xml-buffer-size]
Syntax Description
Defaults
XML formatting of system logging messages is disabled.
The default XML syslog buffer size is the same size as the standard syslog buffer.
Command Modes
Global configuration
Command History
Usage Guidelines
Standard logging is enabled by default, but XML-formatted system message logging is disabled by default. If standard logging has been disabled on your system (using the no logging on command), standard logging must be reenabled using the logging on command before using the logging buffered xml command.
The logging buffered xml command copies logging messages to an internal XML buffer. The XML syslog buffer is separate from the standard syslog buffer (created using the logging buffered command).
The buffer is circular, so newer messages overwrite older messages as the buffer is filled.
The severity level for logged messages is determined by the setting of the logging buffered command. If the logging buffered command has not been used, the default severity level for that command is used. The default severity level varies by platform, but is generally level 7 ("debugging"), meaning that messages at all severity levels (0 through 7) are logged. For more information on severity levels, see the documentation of the logging buffered command.
When you resize the logging buffer, the existing buffer is freed and a new buffer is allocated. Do not make the buffer size too large because the router could run out of memory for other tasks. You can use the show memory command in EXEC mode to view the free processor memory on the router; however, this value is the maximum available and should not be approached.
To return the size of the XML logging buffer to the default, use the no logging buffered xml command.
To display the messages that are logged in the buffer, use the show logging xml command in EXEC mode. The first message displayed is the oldest message in the buffer.
Examples
In the following example, the user enables logging to the XML syslog buffer and sets the XML syslog buffer size to 14 kilobytes:
Router(config)# logging buffered xml 14336Related Commands
logging cns-events
To enable extensible markup language (XML)-formatted system event message logging to be sent through the Cisco Networking Services (CNS) event bus, use the logging cns-events command in global configuration mode. To disable the ability to send system logging event messages through the CNS event bus, use the no form of this command.
logging cns-events [severity-level]
no logging cns-events
Syntax Description
Defaults
Level 7: debugging
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Before you configure this command you must enable the CNS event agent with the cns event command because the CNS event agent sends out the CNS event logging messages. The generation of many CNS event logging messages can negatively impact the publishing time of standard CNS event messages that must be sent to the network.
If the debug cns event command is active when the logging cns-events command is configured, the logging of CNS events is disabled.
Examples
In the following example, the user enables XML-formatted CNS system error message logging to the CNS event bus for messages at levels 0 through 4:
Router(config)# logging cns-events 4Related Commands
cns event
Configures CNS event gateway, which provides CNS event services to Cisco IOS clients.
debug cns event
Displays CNS event agent debugging messages.
logging console
To send system logging (syslog) messages to all available TTY lines and limit messages based on severity, use the logging console command in global configuration mode. To disable logging to the console terminal, use the no form of this command.
logging console [discriminator discr-name] [severity-level]
no logging console
Syntax Description
Command Default
The default varies by platform. In general, the default is to log all messages.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
The logging console command includes all the TTY lines in the device, not only the console TTY. For example, if you are running the debug ip rip command from a Telnet session to a VTY TTY on a router and you configure no logging console, the debugging messages will not appear in your Telnet command-line interface (CLI) session.
Specifying a level causes messages at that level and numerically lower levels to be sent to the console (TTY lines).
The optional discriminator keyword and discr-name argument provide another layer of filtering that you can use to control the type and number of syslog messages that you want to receive.
Caution
The show logging EXEC command displays the addresses and levels associated with the current logging setup and other logging statistics.
Table 28 shows a list of levels and corresponding syslog definitions.
Note
Examples
The following example shows how to change the level of messages sent to the console terminal (TTY lines) to alerts, meaning that messages at levels 0 and 1 are sent:
Router(config)# logging console alertsThe following example shows how to use a discriminator named msglog1 to filter alerts, meaning that messages at levels 0 and 1 are filtered:
Router(config)# logging console discriminator msglog1 alertsRelated Commands
access-list (extended)
Defines an extended XNS access list.
logging facility
Configures the syslog facility in which error messages are sent.
logging console filtered
To enable Embedded Syslog Monitor (ESM) filtered system message logging to the console connections, use the logging console filtered command in global configuration mode. To disable all logging to the console connections, use the no form of this command.
logging console filtered [severity-level]
no logging console
Syntax Description
Command Default
Logging to the console is enabled.
ESM filtering of system logging messages sent to the console is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
If standard logging has been disabled on your system (using the no logging on command), standard logging must be reenabled using the logging on command before using the logging console filtered command.
Standard logging is enabled by default, but filtering by the ESM is disabled by default.
ESM uses syslog filter modules, which are Tool Command Language (Tcl) script files stored locally or on a remote device. The syslog filter modules must be configured using the logging filter command before system logging messages can be filtered.
When ESM filtering is enabled, all messages sent to the console have the configured syslog filter modules applied. To disable filtered logging to the console and return to standard logging, use the standard logging console command (without the filtered keyword). To disable all logging to the console, use the no logging console command, with or without the filtered keyword.
Examples
The following example shows how to enable ESM filtered logging to the console for severity levels 0 through 3:
Router(config)# logging filter tftp://209.165.200.225/ESM/escalate.tclRouter(config)# logging filter slot0:/email.tcl user@example.comRouter(config)# logging console filtered 3Related Commands
logging console guaranteed
To guarantee the system message logging to the console, use the logging console guaranteed command in global configuration mode. To disable guaranteed logging to the console, use the no form of this command.
logging console guaranteed
no logging console guaranteed
Syntax Description
This command has no arguments or keywords.
Command Default
Guaranteed logging to the console is enabled by default.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Guaranteed output of debugging information is useful. By default, guaranteed system message logging to the console is enabled.
If the amount of console debugging is too large, Cisco IOS software will periodically stop all functions except providing the debug message output. This guaranteed output of debugging information can be useful, but it can also cause certain time-critical functions of Cisco IOS software to fail. To disable the guarantee of console logging, use the no form of the command.
Note
Examples
The following example shows how to enable the guaranteed console logging:
Router(config)# logging console guaranteedRelated Commands
logging console xml
To enable XML-formatted system message logging to the console connections, use the logging console xml command in global configuration mode. To disable all logging to the console connections, use the no form of this command.
logging console xml [severity-level]
no logging console xml
Syntax Description
Defaults
Logging to the console is enabled.
XML-formatted logging to the console is disabled.
The default severity level varies by platform, but is generally level 7 (messages at levels 0 through 7 are logged).
Command Modes
Global configuration
Command History
Usage Guidelines
To return system logging messages to standard text (without XML formatting), issue the standard logging console command (without the xml keyword extension).
Examples
In the following example, the user enables XML-formatted system message logging to the console for messages at levels 0 through 4:
Router(config)# logging console xml 4Related Commands
show logging xml
Displays the state of XML-formatted system message logging, followed by the contents of the XML syslog buffer.
logging count
To enable the error log count capability, use the logging count command in global configuration mode. To disable the error log count capability, use the no form of this command.
logging count
no logging count
Syntax Description
This command has no arguments or keywords.
Defaults
This command is disabled.
Command Modes
Global configuration
Command History
Usage Guidelines
The logging count command counts every syslog message and time-stamps the occurrence of each message.
Examples
In the following example, syslog messages are logged to the system buffer and the logging count capability is enabled:
Router(config)# logging buffered notificationsRouter(config)# logging countRouter(config)# endRouter# show logging countFacility Message Name Sev Occur Last Time=============================================================================SYS BOOTTIME 6 1 00:00:12SYS RESTART 5 1 00:00:11SYS CONFIG_I 5 3 1d00h------------- ------------------------------- -----------------------------SYS TOTAL 5LINEPROTO UPDOWN 5 13 00:00:19------------- ------------------------------- -----------------------------LINEPROTO TOTAL 13LINK UPDOWN 3 1 00:00:18LINK CHANGED 5 12 00:00:09------------- ------------------------------- -----------------------------LINK TOTAL 13SNMP COLDSTART 5 1 00:00:11------------- ------------------------------- -----------------------------SNMP TOTALRelated Commands
logging delimiter tcp
To append a line feed character at the end of each syslog message over TCP as delimiter, use the logging delimiter tcp command. To turn off the delimiter for Syslog over TCP, use the no form of this command.
logging delimiter tcp
no logging delimiter tcp
Syntax Description
This command has no arguments or keywords.
Command Default
By default, the logging delimiter tcp function is enabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
You can use the logging delimiter tcp to append a line feed character at the end of each syslog message over TCP as the delimiter.
Since TCP is a stream protocol, the delimiter helps the external TCP syslog listeners to accurately detect the end of each syslog message from the incoming TCP stream. In case the external TCP Syslog listeners do not work well with the delimiter, use the no form of this command to turn it off.
Examples
The following example shows how to enable the delimiter for Syslog over TCP.
Router(config)# logging delimiter tcpThe following example shows how to disable the delimiter for Syslog over TCP.Router(config)# no logging delimiter tcplogging discriminator
To create a syslog message discriminator, use the logging discriminator command in global configuration mode. To disable the syslog message discriminator, use the no form of this command.
logging discriminator discr-name [[facility] [mnemonics] [msg-body] {drops string | includes string}] [severity {drops sev-num | includes sev-num}] [rate-limit msglimit]
no logging discriminator discr-name
Syntax Description
Command Default
The logging discriminator function is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
If you enter a discriminator name that was previously specified, your entry is treated as a modification to the discriminator. The modification becomes effective when the configuration is completed. All associated sessions will use the modified value. When you remove a discriminator, the associations of all entries in the logging host list are removed.
When you issue the no logging discriminator command and the discriminator name is not found, an error message is generated. If the discriminator name is valid and actively associated with syslog sessions, the effect is immediate; the next syslog message to be processed will go through.
Subfilters are checked in the following order. If a message is dropped by any of the subfilters, the remaining checks are skipped.
1.
2.
3.
4.
5.
Examples
The following example shows how to enable the logging discriminator named msglog01 to filter messages with a severity level of 5.
Router(config)# logging discriminator msglog01 severity includes 5Related Commands
logging monitor
Enables system message logging to the terminal lines (monitor connections).
logging exception
To limit the size of the exception flush output, use the logging exception command in global configuration mode. To disable the limit on the size of exception flush output, use the no form of this command.
logging exception size
no logging exception
Syntax Description
Command Default
The default size of the logging exception flush output depends on your platform and platform hardware.
Command Modes
Global configuration (config)
Command History
Examples
The following example shows how to set the size of the logging exception flush output to 4098 bytes:
Router> enableRouter# configure terminalRouter(config)# logging exception 4098Related Commands
show logging
Displays the state of system logging and the contents of the standard system logging buffer.
logging facility
To configure the syslog facility in which error messages are sent, use the logging facility command in global configuration mode. To revert to the default of local7, use the no form of this command.
logging facility facility-type
no logging facility
Syntax Description
facility-type
Syslog facility. See the "Usage Guidelines" section of this command reference entry for descriptions of acceptable keywords.
Defaults
local7
Command Modes
Global configuration
Command History
Usage Guidelines
Table 29 describes the acceptable keywords for the facility-type argument.
Examples
In the following example, the user configures the syslog facility to the kernel facility type:
Router(config)# logging facility kernRelated Commands
logging filter
To specify a syslog filter module to be used by the Embedded Syslog Manager (ESM), use the logging filter command in global configuration mode. To remove a module from the filter chain, use the no form of this command.
logging filter filter-url [position] [args filter-arguments]
no logging filter filter-url
Syntax Description
Command Default
No ESM filters are applied to system logging messages.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use this command to enable the Embedded Syslog Manager by specifying the filter that should be applied to logging messages generated by the system. Repeat this command for each syslog filter module that should be used.
Syslog filter modules are Tool Command Language (Tcl) script files. These files can be stored as plain text files (.txt) or as precompiled Tcl scripts (.tcl). When positioning (ordering) the modules, keep in mind that the output of each filter module is used as input for the next filter module in the chain.
By default, syslog filter modules are executed in the order in which they appear in the system configuration file. The position argument can be used to order the filter modules manually. Filter modules can also be reordered at any time by reentering the logging filter command and specifying a different position for a given filter module.
The optional args filter-arguments syntax can be added to pass arguments to the specified filter. Multiple arguments can be specified. The number and type of arguments should be defined in the syslog filter module. For example, if the syslog filter module is designed to accept a specific e-mail address as an argument, you could pass the e-mail address using the args user@host.com syntax. Multiple arguments are typically delimited by spaces.
To remove a module from the list of modules to be executed, use the no form of this command. Modules not referenced in the configuration will not be executed, regardless of their "position" number.
Examples
The following example shows how to enable ESM filtered logging to the console for severity levels 0 through 3:
Router(config)# logging filter tftp://209.165.200.225/ESM/escalate.tclRouter(config)# logging filter slot0:/email.tcl user@example.comRouter(config)# logging filter slot0:/email_guts.tclRouter(config)# logging console filtered 3Related Commands
logging history
To limit syslog messages sent to the router's history table and to an SNMP network management station based on severity, use the logging history command in global configuration mode. To return the logging of syslog messages to the default level, use the no form of this command with the previously configured severity level argument.
logging history [severity-level-name | severity-level-number]
no logging history [severity-level-name | severity-level-number]
Syntax Description
Defaults
Logging of error messages of severity levels 0 through 4 (emergency, alert, critical, error, and warning levels); in other words, "saving level warnings or higher."
Command Modes
Global configuration
Command History
Usage Guidelines
The sending of syslog messages to an SNMP network management station (NMS) occurs when you enable syslog traps with the snmp-server enable traps syslog global configuration mode command.
Because SNMP traps are potentially unreliable, at least one syslog message, the most recent message, is stored in a history table on the router. The history table, which contains table size, message status, and message text data, can be viewed using the show logging history command. The number of messages stored in the table is governed by the logging history size global configuration mode command.
Severity levels are numbered 0 through 7, with 0 being the highest severity level and 7 being the lowest severity level (that is, the lower the number, the more critical the message). Specifying a level causes messages at that severity level and numerically lower levels to be stored in the router's history table and sent to the SNMP network management station. For example, specifying the level critical causes messages as the critical (3), alert (2), and emergency (1) levles to be saved to the logging history table.
Table 30 provides a description of logging severity levels, listed from higest severity to lowest severity, and the arguments used in the logging history command syntax. Note that you can use the level name or the level number as the level argument in this command.
Examples
In the following example, the system is initially configured to the default of saving severity level 4 or higher. The logging history 1 command is used to configure the system to save only level 1 (alert) and level 0 (emergency) messages to the logging history table, and, by extension, to send only these levels in the SNMP notifications. The configuration is then confirmed using the show logging history command.
Router# show logging historySyslog History Table:10 maximum table entries,! The following line shows that system-error-message-logging is set to the! default level of "warnings" (4).saving level warnings or higher23 messages ignored, 0 dropped, 0 recursion drops1 table entries flushedSNMP notifications not enabledentry number 2 : LINK-3-UPDOWNInterface FastEthernet0, changed state to uptimestamp: 2766Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# logging history 1Router(config)# snmp-server enable traps syslogRouter(config)# endRouter#4w0d: %SYS-5-CONFIG_I: Configured from console by consoleRouter# show logging historySyslog History Table:1 maximum table entries,! The following line indicates that `logging history level 1' (alerts) is configured.saving level alerts or higher18 messages ignored, 0 dropped, 0 recursion drops1 table entries flushedSNMP notifications enabled, 0 notifications sententry number 2 : LINK-3-UPDOWNInterface FastEthernet0, changed state to uptimestamp: 2766Router#Related Commands
logging history size
To change the number of syslog messages stored in the router's history table, use the logging history size command in global configuration mode. To return the number of messages to the default value, use the no form of this command.
logging history size number
no logging history size
Syntax Description
number
Number from 1 to 500 that indicates the maximum number of messages stored in the history table. The default is one message.
Defaults
One message
Command Modes
Global configuration
Command History
Usage Guidelines
When the history table is full (that is, it contains the maximum number of message entries specified with the logging history size command), the oldest message entry is deleted from the table to allow the new message entry to be stored.
Examples
In the following example, the user sets the number of messages stored in the history table to 20:
logging history size 20Related Commands
logging host
To log system messages and debug output to a remote host, use the logging host command in global configuration mode. To remove a specified logging host from the configuration, use the no form of this command.
logging host {{ip-address | hostname} [vrf vrf-name] | ipv6 {ipv6-address | hostname}} [discriminator discr-name | [[filtered [stream stream-id] | xml]] [transport {[beep [audit] [channel chnl-number] [sasl profile-name] [tls cipher [cipher-num] trustpoint trustpt-name]]] | tcp [audit] | udp} [port port-num]] [sequence-num-session] [session-id {hostname | ipv4 | ipv6 | string custom-string}]
no logging host {{ip-address | hostname} | ipv6 {ipv6-address | hostname}}
Syntax Description
Command Default
System logging messages are not sent to any remote host.
When this command is entered without the xml or filtered keyword, messages are sent in the standard format.Command Modes
Global configuration (config)
Command History
Usage Guidelines
Standard system logging is enabled by default. If logging is disabled on your system (using the no logging on command), you must enter the logging on command to reenable logging before you can use the logging host command.
The logging host command identifies a remote host (usually a device serving as a syslog server) to receive logging messages. By issuing this command more than once, you can build a list of hosts that receive logging messages.
To specify the severity level for logging to all hosts, use the logging trap command.
Use the vrf vrf-name keyword and argument to enable a syslog client (a provider edge [PE] router) to send syslog messages to a syslog server host connected through a VRF interface. To delete the configuration of the syslog server host from the VRF, use the no logging host command with the vrf vrf-name keyword and argument.
When XML-formatted syslog is enabled using the logging host command with the xml keyword, messages are sent to the specified host with the system-defined XML tags. These tags are predefined and cannot be configured by a user. XML formatting is not applied to debug output.
If you are using the ESM feature, you can enable ESM-filtered syslog messages to be sent to one or more hosts using the logging host filtered command. To use the ESM feature, you must first specify the syslog filter modules that should be applied to the messages using the logging filter command. See the description of the logging filter command for more information about the ESM feature.
Note
Using the BEEP transport protocol, you can have reliable and secure delivery for syslog messages and configure multiple sessions over eight BEEP channels. The sasl profile-name, tls cipher cipher-num, trustpoint trustpt-name keywords and arguments are available only in crypto images.
To configure standard logging to a specific host after configuring XML-formatted or ESM-filtered logging to that host, use the logging host command without the xml or filtered keyword. Issuing the standard logging host command replaces an XML- or ESM- filtered logging host command, and vice versa, if the same host is specified.
You can configure the system to send standard messages to one or more hosts, XML-formatted messages to one or more hosts, and ESM-filtered messages to one or more hosts by repeating this command as many times as desired with the appropriate syntax. (See the "Examples" section.)
When the no logging host command is issued with or without the optional keywords, all logging to the specified host is disabled.
Examples
In the following example, messages at severity levels 0 (emergencies) through 5 (notifications) (logging trap command severity levels) are logged to a host at 192.168.202.169:
Router(config)# logging host 192.168.202.169Router(config)# logging trap 5In the following example, standard system logging messages are sent to the host at 192.168.200.225, XML-formatted system logging messages are sent to the host at 192.168.200.226, ESM-filtered logging messages with the stream 10 value are sent to the host at 192.168.200.227, and ESM-filtered logging messages with the stream 20 value are sent to host at 192.168.202.129:
Router(config)# logging host 192.168.200.225Router(config)# logging host 192.168.200.226 xmlRouter(config)# logging host 192.168.200.227 filtered stream 10Router(config)# logging host 192.168.202.129 filtered stream 20In the following example, messages are logged to a host with an IP address of 172.16.150.63 connected through a VRF named vpn1:
Router(config)# logging host 172.16.150.63 vrf vpn1In the following example, the default UDP on an IPv6 server is set because no port number is specified. The default port number of 514 is used:
Router(config)# logging host ipv6 AAAA:BBBB:CCCC:DDDD::FFFFIn the following example, TCP port 1774 on an IPv6 server is set:
Router(config)# logging host ipv6 BBBB:CCCC:DDDD:FFFF::1234 transport tcp port 1774In the following example, the UDP port default is used on an IPv6 server with a hostname of v6-hostname:
Router(config)# logging host ipv6 v6-hostname transport udp port 514In the following example, a message discriminator named fltr1 is specified as well as the BEEP protocol for port 600 and channel 3.
Router(config)# logging host host2 dicriminator fltr1 transport beep channel 3 port 600Related Commands
logging linecard
To log messages to an internal buffer on a line card, use the logging linecard command in global configuration mode. To cancel the use of the internal buffer on the line cards, use the no form of this command.
logging linecard [size | level]
no logging linecard
Syntax Description
Defaults
The Cisco IOS software logs messages to the internal buffer on the GRP card.
Command Modes
Global configuration
Command History
Usage Guidelines
Specifying a message level causes messages at that level and numerically lower levels to be stored in the internal buffer on the line cards.
Table 31 lists the message levels and associated numerical level. For example, if you specify a message level of critical, all critical, alert, and emergency messages will be logged.
Table 31 Message Levels
emergencies
0
alerts
1
critical
2
errors
3
warnings
4
notifications
5
informational
6
debugging
7
To display the messages that are logged in the buffer, use the show logging slot EXEC command. The first message displayed is the oldest message in the buffer.
Do not make the buffer size too large because the router could run out of memory for other tasks. You can use the show memory EXEC command to view the free processor memory on the router; however, this is the maximum available and should not be approached.
Examples
The following example enables logging to an internal buffer on the line cards using the default buffer size and logging warning, error, critical, alert, and emergency messages:
Router(config)# logging linecard warningsRelated Commands
clear logging
Clears messages from the logging buffer.
show logging
Displays the state of logging (syslog).
logging message-counter
To enable logging of debug, log, or syslog messages, use the logging message-counter command in global configuration mode. To disable logging for these message types, use the no form of this command.
logging message-counter {debug | log | syslog}
no logging message-counter {debug | log | syslog}
Syntax Description
Command Default
The logging message counter function is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Use this command to help identify where event messages are being dropped because of rate limiting or to exclude the syslog counter from a syslog message.
Examples
The following example shows how to enable the syslog message counter:
Router(config)# logging message-counter sysloglogging monitor
To enable system message logging to the terminal lines (monitor connections), use the logging monitor command in global configuration mode. To disable logging to terminal lines other than the console line, use the no form of this command.
logging monitor [discriminator discr-name] [severity-level]
no logging monitor
Syntax Description
Command Default
The logging monitor function is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
Specifying a severity-level causes messages both at that level and at numerically lower levels to be displayed to the monitor. Table 32 shows a list of levels and corresponding syslog definitions.
Examples
The following example shows how to specify that messages at levels 3 (errors), 2 (critical), 1 (alerts), and 0 (emergencies) be logged to monitor connections:
Router(config)# logging monitor 3The following example shows how to use a discriminator named monitor1 to filter critical messages, meaning that messages at levels 0, 1, and 2 are filtered:
Router(config)# logging monitor discriminator monitor1 criticalRelated Commands
logging monitor filtered
To enable Embedded Syslog Manager (ESM) filtered system message logging to monitor connections, use the logging monitor filtered command in global configuration mode. To disable all logging to the monitor connections, use the no form of this command.
logging monitor filtered [severity-level]
no logging monitor filtered
Syntax Description
Command Default
Logging to monitor connections is enabled.
ESM filtering of system logging messages sent to the monitor connections is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
The monitor keyword specifies the TTY (TeleTYpe) line connections at all line ports. TTY lines (also called ports) communicate with peripheral devices such as terminals, modems, and serial printers. An example of a TTY connection is a PC with a terminal emulation program connected to the device using a dial-up modem, or a Telnet connection.
Standard logging is enabled by default, but filtering by the ESM is disabled by default. If standard logging has been disabled on your system (using the no logging on command), standard logging must be reenabled using the logging on command before using the logging monitor filtered command.
ESM uses syslog filter modules, which are Tool Command Language (Tcl) script files stored locally or on a remote device. The syslog filter modules must be configured using the logging filter command before system logging messages can be filtered.
When ESM filtering is enabled, all messages sent to the monitor have the configured syslog filter modules applied. To disable filtered logging to the monitor and return to standard logging, issue the standard logging monitor command (without the filtered keyword). To disable all logging to the monitor connections, use the no logging monitor command, with or without the filtered keyword.
Examples
The following example shows how to enable ESM filtered logging to the monitor connections:
Router(config)# logging filter tftp://209.165.200.225/ESM/escalate.tclRouter(config)# logging filter slot0:/email.tcl user@example.comRouter(config)# logging monitor filteredRelated Commands
logging monitor xml
To enable XML-formatted system message logging to monitor connections, use the logging console xml command in global configuration mode. To disable all logging to the monitor connections, use the no form of this command.
logging monitor xml [severity-level]
no logging monitor xml
Syntax Description
Defaults
Logging to monitor connections is enabled.
XML-formatted logging to monitor connections is disabled.
The default severity level varies by platform, but is generally level 7 (messages at levels 0 through 7 are logged).
Command Modes
Global configuration
Command History
Usage Guidelines
The monitor keyword specifies the tty line connections at all line ports. The tty lines (also called ports) communicate with peripheral devices such as terminals, modems, and serial printers. An example of a tty connection is a PC with a terminal emulation program connected to the device using a dial-up modem, or a Telnet connection.
To return system logging messages to standard text (without XML formatting), issue the standard logging monitor command (without the xml keyword extension).
Examples
In the following example, the user enables XML-formatted system message logging to the console for messages at levels 0 through 4 and XML-formatted system message logging to tty line connections at the default severity level:
Router(config)# logging console xml 4Router(config)# logging monitor xmlRelated Commands
logging on
To enable logging of system messages, use the logging on command in global configuration mode. This command sends debug or error messages to a logging process, which logs messages to designated locations asynchronously to the processes that generated the messages. To disable the logging process, use the no form of this command.
logging on
no logging on
Syntax Description
This command has no arguments or keywords.
Defaults
The Cisco IOS software sends messages to the asynchronous logging process.
Command Modes
Global configuration
Command History
Usage Guidelines
The logging process controls the distribution of logging messages to the various destinations, such as the logging buffer, terminal lines, or syslog server. System logging messages are also known as system error messages. You can turn logging on and off for these destinations individually using the logging buffered, logging monitor, and logging global configuration commands. However, if the logging on command is disabled, no messages will be sent to these destinations. Only the console will receive messages.
Additionally, the logging process logs messages to the console and the various destinations after the processes that generated them have completed. When the logging process is disabled, messages are displayed on the console as soon as they are produced, often appearing in the middle of command output.
Caution
The logging synchronous line configuration command also affects the displaying of messages to the console. When the logging synchronous command is enabled, messages will appear only after the user types a carriage return.
Examples
The following example shows command output and message output when logging is enabled. The ping process finishes before any of the logging information is printed to the console (or any other destination).
Router(config)# logging onRouter(config)# endRouter#%SYS-5-CONFIG_I: Configured from console by consoleRouter# ping dirtType escape sequence to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.129, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 msRouter#IP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1IP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1IP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1IP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1IP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1In the following example, logging is disabled. The message output is displayed as messages are generated, causing the debug messages to be interspersed with the message "Type escape sequence to abort."
Router(config)# no logging onRouter(config)# end%SYS-5-CONFIG_I: Configured from console by consoleRouter#Router# ping dirtIP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingTypIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1eIP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sending escIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1IP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingapeIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1IP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingseIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1IP: s=172.21.96.41 (local), d=172.16.1.129 (Ethernet1/0), len 100, sendingquenIP: s=171.69.1.129 (Ethernet1/0), d=172.21.96.41, len 114, rcvd 1ce to abort.Sending 5, 100-byte ICMP Echos to 172.16.1.129, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 152/152/156 msRouter#Related Commands
logging origin-id
To add an origin identifier to system logging messages sent to remote hosts, use the logging origin-id command in global configuration mode. To disable the origin identifier, use the no form of this command.
logging origin-id {hostname | ip | ipv6 | string user-defined-id}
no logging origin-id
Syntax Description
Command Default
This command is disabled.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
The origin identifier is added to the beginning of all system logging (syslog) messages sent to remote hosts. The identifier can be the hostname, the IP address, the IPv6 address, or any text that you specify. The origin identifier is not added to messages sent to local destinations (the console, monitor, or buffer).
The origin identifier is useful for identifying the source of system logging messages in cases where you send syslog output from multiple devices to a single syslog host.
When you specify your own identification string using the logging origin-id string user-defined-id command, the system expects a string without spaces. For example:
Router(config)# logging origin-id string Cisco_SystemsTo use spaces (multiple words) or additional syntax, enclose the string with quotation marks (" "). For example:
Router(config)# logging origin-id string "Cisco Systems, Inc."Examples
In the following example, the origin identifier "Domain 1, router B" will be added to the beginning of all system logging messages sent to remote hosts:
Router(config)# logging origin-id string Domain 1, router BIn the following example, all logging messages sent to remote hosts will have the IP address configured for serial interface 1 added to the beginning of the message:
Router(config)# logging host 209.165.200.225Router(config)# logging trap 5Router(config)# logging source-interface serial 1Router(config)# logging origin-id ipRelated Commands
logging persistent
To enable the storage of logging messages on the router's advanced technology attachment (ATA) disk, use the logging persistent command in global configuration mode. To disable logging message storage on the ATA disk, use the no form of this command.
logging persistent [batch batch-size] [filesize logging-file-size] [immediate] [notify] [protected] [size filesystem-size] [threshold threshold-capacity [alert]] [url {disk0:/directory | disk1:/directory}]
no logging persistent
Syntax Description
Command Default
The logging messages are not stored in the router's ATA memory.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
The logging persistent command enables the storage of syslog data on the router's ATA flash disk. Because the syslog data must be copied from the router's internal memory buffer, you must enable the logging buffered command prior to enabling the logging persistent command.
The filename format of log files is log_MM:DD:YYYY::hh:mm:ss. For example, log_06:10:2008::07:42:14. For Release 12.4(20)T and later releases, the filename format is changed to: log_YYYYMMDD-hhmmss. For example, log_20080610-074214.
Note
Note
In the common criteria compliant environment, the logging persistent command is accessible only to the administrator and the audit administrator. The common criteria restrict access to audit information, such as syslog records, to the administrator. The audit administrator alone is allowed to create a persistent logging repository and remove the log files. Use the logging persistent protected command to enable the protected mode of Cisco IOS logging subsystem operation. Once this operation is enabled, access to the persistent audit information is denied to the users of copy, delete, more, and rename generic Cisco IOS commands. The commands format, erase, and partition have no effect if audit information is present on the target device of these commands.
If the immediate keyword is specified, the syslog issues an instruction to immediately write the new audit entry to the log file. If the immediate keyword is not specified, the Cisco IOS peristent logging behavior does not change. By default, the unbuffered mode of operation is turned off.
If a threshold capacity value is not set, the logging policy adheres to a default circular behavior. When the log capacity is reached, the oldest log records are overwritten. Setting a threshold capacity value enables a lossless logging policy.
When the set threshold capacity is reached, the logger issues an alarm for the severity level set in the current logging policy and executes that current logging policy.
Use the logging persistent notify command to create audit trails for administrators who review the audit records. In the common criteria environment, only the administrator can use this command.
Examples
The following example shows how to write up to 134,217,728 bytes (128 MB) of logging messages to the syslog directory of disk 0, with a file size of 16,384 bytes and a batch size of 5098 bytes:
Router(config)# logging bufferedRouter(config)# logging persistent url disk0:/syslog batch filesize 16384 5098 size 134217728The following example shows how to enable protected mode of logging subsystem operation with a threshold capacity of 25 percent.
Router> enableRouter# configure terminalRouter(config)# logging persistent protected threshold 25Router(config)# exitThe following example shows the error message being displayed if the user tries to copy files from and to the log directory when the protected mode is enabled on the logging subsystem:
Router# copy log__persistent_12_22_2007__06_44_05 xxx%Error parsing filename (Unknown error 0)Related Commands
logging persistent move
To move logging persistent files from one directory to another, use the logging persistent move command in privileged EXEC mode.
logging persistent move [src-url filesystem:/directory] dst-url filesystem:/directory [verbose]
Syntax Description
Command Modes
Privileged EXEC (#)
Command History
Usage Guidelines
When an audit log is configured on a fixed memory device such as a hard disk or when physical access to the system is not available, the audit administrator can use the logging persistent move command to move files from the audit directory to a designated location. The logging persistent move command organizes the existing log files based on the time of creation and copies one log file at a time to the destination location. If no source location is specified, the log files are moved from the default source location. The default source destination can be specified by using the logging persistent command. The log file at the source destination is deleted after the copy is complete.
This command displays a syslog message when the archiving operation begins.
Examples
The following example shows how to move files from the default logging peristent directory to another directory:
Router# logging persistent move dst-url usb0:audit_log_1Move persistent logging files from usb0:/audit_log to usb0:/audit_log_1 ? [confirm]000060: *Jul 26 06:18:17.428: %SYS-6-LOGGING_MOVE: User lab has activated the logging persistent move command.39 files out of 39 moved from usb0:/audit_log to usb0:/audit_log_1The following example shows how to move files from the specified logging persistent directory to another directory:
Router# logging persistent move src-url usb0:audit_log_1 dst-url obfl:audit_logMove persistent logging files from usb0:/audit_log_1 to obfl:/audit_log ? [confirm]000061: *Jul 26 06:45:40.691: %SYS-6-LOGGING_MOVE: User lab has activated the logging persistent move command.39 files out of 39 moved from usb0:/audit_log_1 to obfl:/audit_logThe following example shows how to move files from the source directory to the destination directory with the verbose option enabled:
Router# logging persistent move src-url obfl:audit_log dst-url obfl:audit_log_1 verboseMove persistent logging files from obfl:/audit_log to obfl:/audit_log_1 ? [confirm]000062: *Jul 26 06:50:15.795: %SYS-6-LOGGING_MOVE: User lab has activated the logging persistent move command.File log_20090723-063200 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.File log_20090723-065111 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.File log_20090723-071610 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.File log_20090723-102105 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.File log_20090723-103316 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.File log_20090723-110747 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.File log_20090723-110928 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.File log_20090723-111044 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.File log_20090723-111157 moved from obfl:/audit_log URL to obfl:/audit_log_1 URL.9 files out of 9 moved from obfl:/audit_log to obfl:/audit_log_1Related Commands
logging persistent
Enables the storage of logging messages on the router's ATA disk.
logging queue-limit
To control how much system memory may be used for queued log messages, use the logging queue-limit command in global configuration mode. To permit unlimited use of memory for queued log messages, use the no form of this command.
logging queue-limit [queuesize | trap queuesize | esm queuesize]
no logging queue-limit
Syntax Description
Command Default
100 messages
Note
•
•
•
•
Command Modes
Global configuration
Command History
12.4(8)
This command was introduced.
12.4(9)T
This command was integrated into Cisco IOS Release 12.4(9)T.
Usage Guidelines
The size of the logging queue affects system memory. In the logging queue, each message has its own memory object. The more messages being queued, the less memory is available for other components of the system to share.
Tuning the queue size is sometimes required when Cisco technical support staff needs to reduce the possibility that logging messages are dropped because the event messages are bursty. The logging queue-limit command is meant for use by Cisco technical support staff assisting on a field-critical case to ensure critical messages are not dropped because of a smaller default queue size.
Customers are discouraged from tuning the message queue size if they have not first contacted the Cisco Technical Support Center (TAC).
Caution
When the logging queue-limit command is used to reset the logging queue to the default size, it also resets the trap and ESM queues to their default sizes.
Examples
The following example sets the logging queue to the system default size:
Router(config)# logging queue-limitThe following example sets the logging queue to 1000 queue entries:
Router(config)# logging queue-limit 1000The following example removes all logging queue limits:
Router(config)# no logging queue-limitThe following example sets the logging queue size at 1000 for messages sent to the ESM:
Router(config)# logging queue-limit esm 1000The following example sets the logging queue size to 1000 for messages sent to an external syslog:
Router(config)# logging queue-limit trap 1000Related Commands
logging rate-limit
To limit the rate of messages logged per second, use the logging rate-limit command in global configuration mode. To disable the limit, use the no form of this command.
logging rate-limit {number | all number | console {number | all number}} [except severity]
no logging rate-limit
Syntax Description
Command Default
The default is 10 messages logged per second.
Command Modes
Global configuration
Command History
Usage Guidelines
The logging rate-limit command controls the output of messages from the system. Use this command to avoid a flood of output messages. You can select the severity of the output messages and the output rate by using the logging rate-limit command. You can issue the logging rate-limit command at any time. System performance is not negatively affected and may improve when severities and rates of output messages are specified.
You can use logging rate-limit command with or without the logging synchronous line configuration command. For example, if you want to see all severity 0, 1, and 2 messages, use the no logging synchronous command and specify logging rate-limit 10 except 2. By using the two commands together, you cause all messages of 0, 1, and 2 severity to print and limit the less severe ones (higher number than 2) to only 10 per second.
Table 33 shows the numeric severity level, equivalent meaning in text, and a description for error messages.
Cisco 10000 Series Router
To avoid CPU overload and router instability, use the logging rate-limit command to limit the rate at which the Cisco 10000 series router logs system messages. To increase the Point-to-Point Protocol call rate, you can turn off console logging completely using the no logging console command.
Examples
The following example shows how to limit message output to 200 per second:
Router(config)# logging rate-limit 200Related Commands
logging source-interface
To specify the source IPv4 or IPv6 address of system logging packets, use the logging source-interface command in global configuration mode. To remove the source designation, use the no form of this command.
logging source-interface type number
no logging source-interface
Syntax Description
Command Default
The wildcard interface address is used.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
This command can be configured on the Virtual Routing and Forwarding (VRF) and non-VRF interfaces. Normally, a syslog message contains the IPv4 or IPv6 address of the interface used to exit the router. The logging source-interface command configures the syslog packets that contain the IPv4 or IPv6 address of a particular interface, regardless of which interface the packet uses to exit the router.
When no specific interface is configured, a wildcard interface address of 0.0.0.0 (for IPv4) or :: (for IPv6) is used, and the IP socket selects the best outbound interface.
Examples
The following example shows how to specify that the IP address of Ethernet interface 0 is the source IP address for all syslog messages:
Router(config)# logging source-interface ethernet 0The following example shows how to specify the IP address for Ethernet interface 2/1 is the source IP address for all syslog messages:
Router(config)# logging source-interface ethernet 2/1The following sample output displays that the logging source-interface command is configured on a VRF source interface:
Router# show running interface loopback49Building configuration...Current configuration : 84 bytes!interface Loopback49ip vrf forwarding blackip address 49.0.0.1 255.0.0.0endRouter# show running | includes logginglogging source-interface Loopback49 vrf blacklogging host 130.0.0.1 vrf blackRelated Commands
logging trap
To limit messages logged to the syslog servers based on severity, use the logging trap command in global configuration mode. To return the logging to remote hosts to the default level, use the no form of this command.
logging trap level
no logging trap
Syntax Description
Defaults
Syslog messages at level 0 to level 6 are generated, but will only be sent to a remote host if the logging host command is configured.
Command Modes
Global configuration
Command History
Usage Guidelines
A trap is an unsolicited message sent to a remote network management host. Logging traps should not be confused with SNMP traps (SNMP logging traps require the use of the CISCO -SYSLOG-MIB, are enabled using the snmp-server enable traps syslog command, and are sent using the Simple Network Management Protocol.)
The show logging EXEC command displays the addresses and levels associated with the current logging setup. The status of logging to remote hosts appears in the command output as "trap logging".
Table 34 lists the syslog definitions that correspond to the debugging message levels. Additionally, four categories of messages are generated by the software, as follows:
•
•
•
•
Use the logging host and logging trap commands to send messages to a remote syslog server.
Examples
In the following example, system messages of levels 0 (emergencies) through 5 (notifications) are sent to the host at 209.165.200.225:
Router(config)# logging host 209.165.200.225Router(config)# logging trap notificationsRouter(config)# endRouter# show loggingSyslog logging: enabled (0 messages dropped, 1 messages rate-limited,0 flushes, 0 overruns, xml disabled, filtering disabled)Console logging: level emergencies, 0 messages logged, xml disabled,filtering disabledMonitor logging: level debugging, 0 messages logged, xml disabled,filtering disabledBuffer logging: level debugging, 67 messages logged, xml disabled,filtering disabledLogging Exception size (4096 bytes)Count and timestamp logging messages: enabledTrap logging: level notifications, 71 message lines loggedLog Buffer (4096 bytes):00:00:20: %SYS-5-CONFIG_I: Configured from memory by console...Related Commands
logging host
Enables remote logging of system logging messages and specifies the syslog server host that messages should be sent to.
logging userinfo
To enable the logging of user information, use the logging userinfo command in global configuration mode. To cancel the logging of user information, use the no form of this command.
logging userinfo
no logging userinfo
Syntax Description
This command has no arguments or keywords.
Command Default
User information logging is disabled by default.
Command Modes
Global configuration (config)
Command History
Usage Guidelines
The logging userinfo global configuration command allows the logging of user information when the user invokes the enable privilege mode or when the user changes the privilege level. The user can change the privilege level of a terminal session by using the enable and the disable command.
Information logged includes username, line (for example, Console and vty0), and privileged level (for example, 0 to 15).
Note
Examples
The following example shows how to enable user information logging:
Router# configure terminalRouter(config)# logging userinfoRouter(config)# exitThe following are two examples of user information logging using the enable and disable commands:
Router> enable 15Password:Router#*Feb 26 17:11:15.398: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 15 by cisco)The enable command allows the user to enter a desired privilege level.
Router# disable 6Router#*Feb 26 17:12:28.922: %SYS-5-PRIV_AUTH_PASS: Privilege level set to 6 by cisco)The disable command allows the user to enter a desired privilege level.
Related Commands
