To enable event logging, the following points should be considered:
- Setting the logging level for events.
- Security of transferring log files from the device to the server and secure storage of log files.
- Using NTP version 3 for time synchronization to accurately record event times.
- Ensuring sufficient space for storing and recording log files.
Cisco devices have the capability to send events to various sources:
- Sending events through the Console port to the terminal.
- Sending events through Line vty to services like Telnet.
- When configuring the SNMP Agent, the device can send events to the SNMP Server.
- Sending events to the Syslog Server.
Note: Syslog messages are sent in clear text to the Syslog server.
Configuring the Syslog service:
Router(config)#logging 192.168.1.1
In this example, the router sends logs to the server at 192.168.1.1.
Setting the Syslog Message Level:
Router(config)#logging trap warnings
In the above example, the Syslog messages level is set to level 4, including levels 0, 1, 2, 3, and 4.
Note: If the Syslog message level is not specified, level 6 is considered as the default.
Some examples of Windows-based software for collecting events include Tftpd32 and Kivi Syslog.