In this article, you can find how to collect Cisco log entries easily.
If you are receiving large amounts of logs and having difficulty collecting logs, you can simplify your log collection with the following sample configuration. Enter Config mode and perform the following commands:
service sequence-numbers service timestamps debug datetime localtime msec logging buffered no logging console no logging monitor default logging rate-limit default logging queue-limit
After this configuration, run the required debug commands to simulate the state you want to capture and use the following command to end the debug after the state occurs:
undebug all
Use terminal length 0 to display all of the logs on the screen. Use show logging command to display all logs stored in the buffer. Since this is a faster data stream, do this over Telnet / SSH, rather than through the console. In the terminal program start capture / log collection and enter the following commands to print all logs:
terminal length 0 show logging
After collection is complete, you can use following commands in configuration mode to re-enable synchronous logging on console and telnet / SSH connections:
logging console logging monitor
So What Do These Commands Do?
Now let’s examine what these cisco log commands mean. You may want to change these commands depending on the type of logs you receive.
service sequence-numbers – This command adds a sequence number to the beginning of the log line. In this way, if the logs are sent to a syslog server, it can be determined whether the message is lost during transmission.
service timestamps debug datetime localtime msec – The time information of debug messages is maintained in milliseconds. This allows the simultaneous generation of logs generated by different debug commands, making it easier to read logs.
logging buffered 10000000 debug – Allows the router to store logs in its own buffer. The number 10000000 determines the buffer size and corresponds to 10MB. You can determine the amount of debug you will receive according to the amount of RAM. Since this buffer works as rotating, if the 10MB is exceeded, the oldest logs are deleted and the new logs are written to the buffer. At the end, the debug command allows you to keep logs at the debug level.
no logging console – Enables logging of received logs from the console screen. If a large amount of logging is generated (eg. higher than the console connection speed), it can increase the CPU load of the device to 100%.
no logging monitor – Prevents received logs, such as the above command, from being printed on the Telnet / SSH screen.
default logging rate-limit – Limits device log messages by default. This ensures the stability of the device. Rate limit feature can be increased or decreased with logging rate-limit command. This command ensures that rate limit remains at default value.
default logging queue-limit – This command is used to limit the retention of logs in a queue, similar as above. If the queue limit has been changed by the logging queue-limit command, the value will be set to the default value.
