delivers messages regarding network events, along with a Ju determine when the event occurred. These messages can b si iring out what the heck just happened in your network — you just have’ and read the message carefully. I say that because some netwo More than a little when these messages show up, and in that panic lessage that’s right in front of them ing is straightforward, but the /ogging command itself can be a lit Ke @ look at the logging options hostname and trap first, Bek (config) + “one’s simple enough! We just need to follow logging with of that host. The tr male ‘p option is a bit more complex: @) Flogging tear 2 iRg discriminator pre Cte ale) ct taRbhsd file albu El led Ltd et eres id etait rr art) Pears rrercea kr rd ete ek a eC mets Smee ee BU mice en ed Ue TNO ime ir et Ue Ca Se a eee) Append delimiter to syslog messages Sa aT Oe Cy PS atari Om SCC TSN aU a Cee 3 Pa 5 erematers a id Configure syslog history table Set syslog server IP address and parameters 7 Configure log message to include certain counter val cs aes yl ei Leu jogging to all enabled destinations in ID to syslog messages SCO ec 7 TE a a) ik CaCritical conditions Debugging messages System is unusable errors Error conditions informational Informational messages notifications Normal but significant conditions! warnings Warning conditions When you select a trap level, all messages of the numeric: all those with a lower numeric value are sent to the lo hostname. Therefore, to send all log messages to the server level 7. You can use the name of the level or the numeric enough so you get all the messages you need sent to | Deciphering syslog messages takes a little practice, so he latest syslog message on my L3 switch. eo: 5-CONFIG_T? Comm(config)#logging hostname 10.1.1.3 ‘ UR Mh a MLS_1(config)#logging 10.1.1.3 ea A hu i ee <0-7> (Rr esa alerts porte eetas tomer) (severity=1) rae hal Critical conditions (severity=2) pee Deh meer ad ahs eee) emergencies System is _unus. ahs) ed Error conditions ahs ae) CSC atu mr (severity=6) seer atu eo) eel hal ea koe etn Petron bat i %SYS-5-CONFIG_I: Configured from console by console Tae BS ee Oe oO Bee - cir initiatedEET) NISSEN Ce OU started - CLI initiated Tera GCser CU ORO O ek Ue mea ea asd Pores ee wer Sy eae Meee Least. ea datetime Timestamp with date and time Pa Timestamp with system uptime aos LS_1(config)#service timestamps log datetime 7? esis Use_local time zone for timestamps rtd Include milliseconds in timestamp Amst iO ON la a STS py Include year in timestamp ates teetee timestamps log datetime msec MLS_1CconFig)#Azee ete ae i Teese as ta mee pr 1 08:46:21.891: %SYS-5-CONFIG_I: Configured from console by cc eee Saat aries Cue aU ee LS_1(config)#service timestamps ? Prove ee eet ween eo ets CS Boe LS_1(config)#service timestamps log 7 datetime Timestamp with date and time Pau Timestamp with system uptime eared Weegee gs pass Tee rc pee ee MLS_1CconFig)#AZ es eo a akoPen oc materi isrr Tal BAUCU Ruee te a pata PICO gs coe ot aed prs ea aaa UC aL Mestearmrzg ier; 22:55:31: %SYS-5-CONFIG_I: Configured from console by console SSeS lEnter configuration commands, one per line. End with CNTL/z. Minar ae Mates e Sm sg cist Pea St echoes i Include milliseconds in timestamp Pm Mat ea ately year Include year in timestamp cao ee BLU moat MLS_1 (config) #AZ ees a ar eee ome RS Re Be oo, eejog message on my Ls switcn. 1 02:50:32.465: $S¥S-5-CONFIG_I: Configured from console © You can change the beginning of syslog messages to the timestamp fo pice with service timestamps log. 1 personally find the miliseeg Timest TimestamrSe fs: ‘As a result, the next sysic yer 1 02: Dif you prefer to have the dev option! camp dee If you prefer to have the device uptime reflected ae i jected in syslog m MES_1 (conf. Mus_1 The next syslog message indicates this device has been up for 2 hours, and 56 seconds. F 02:54:56: 3sY 1e by consoleumm™ The “5” bolded above indicates the severity level, followed by, thes message and the message text itself sole is set to display all syslog messages by del ‘The switch con: To change this value, use log fe throughout the course fig) #2 #y level: on needed02:54:56: ¥SYS-5-CONFIG I: Configured from console The “5S” bolded above indicates the severity level, followed this message and the message text itself. b i The switch console is set to display all syslog messages by it there throughout the course. To change this value, use logging MLs t (severitt c ritica (severityea eae J MLS_1(config)#Az i — ae 7 Apr 1 08:47:24: %SYS-5-CONFIG_I: Configured from console by con eae ae Smear ie ete an A he eae IMLS_1(config)#logging buffered 7 <0-7> Logging severity level SO Pee UL el Vemma cee Fu tae) Ree ee alae! (severity (eee toe critical rhe ed Creer nia) Pee eee “7 Cie Pee Ree aro) Sg ule Ses (severit ee ee Mh (eras) caehe og: ) ar wee Asa eR) cua kL Ped s (severity=6 lahat tats Normal but significant conditions (severity=5 Td Nah een i Peta es oe pe een Ste MR Mh etehearse ia VAC CEC rs aC < Bit eaceealaall NOM es Ea Un INo Inactive Message Discriminator. PPR nee Saas eater e voniton an ieee de Pia ed eieering mooie. 7! Tor te Barapa Scere aie du ire Reaeaah a modules. Bela 3 Pee eee oe Cir it @ messages logged, xml disabled, Set MELaS ib i) RCC acon EU as SPELL j-I: Configured from co cer Ser) Configured from cor Litera) + Configured from con: Configured from console Configured from conso Configured from conso Configured from console be ene Meee al a de ee CO Sah car Oe arte ae a %SSH-S-ENABLED: SSH 1.5 has been enabled %SYS-5-CONFIG_I: Configured from conso! %SYS-5-CONFIG_I: Configured from console %SYS-6-LOGGINGHOST_STARTSTOP: Logging ¢ CLI initiated 1 22:00:42.958: %SYS-6-LOGGINGHOST_STARTSTOP: Logging t t 514 stopped - CLI initiated PLUMMET AT TEED ELT Coton a ie ar TUE ErTU My De oe oc esc ee a rare) Ructaae Met rr 7 Pe} 5 zi 1 1 1 ce 1 ri Fe r Fi x 1 Neve eooeeesssfe eee toe eee) Apr 1 08:29:25: XSYS-5-CONFIG_I: Configured from console by ae Ee ae ree ae ge he aa Apr 1 08:29:27: %LINEPROTO-5-UPDOWN: Line protocol on Interfa PU ees eee Apr 1 08:30:23: %SYS-5-CONFIG_I: Configured from console by coy a XSYS-5-CONFIG_I: Configured from console by co a %SYS-5-CONFIG_I: Configured from console by con a s %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10 Boiss Aa OL Ee Lees eet ee ee ae BCs Configured from console by con: Pree Eee eo ano (meee lar |) SU a la Se ome eee at a ae ee Apr _1 08:49:13: %SYS-5-CONFIG_I: Configured from console by console ae aed lenter configuration commands, one per line. End with CNTL/z. ets slomcumse LS_1(config-if)#shut LS_1(config-if)# \pr_ 1 08:51:07: %LINK-5-CHANGED: Interface FastEthernet0/1, changed st Morar tah eu Nieto ats told CIES FESO Fee eC eee Ll ee a a Maisie oa) eeea : %SYS-5-CONFIG_I: Configured from console by < Na PO Re Nace iar ie Mie ese ae: Na %SYS-5-CONFIG_I: Configured from console by c Apr 1 08:44:40: %SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 1 started - CLI initiated ge METS OL ERE Cem sear ree a 22:55:31: %SYS-5-CONFIG_I: Configured from console by console 1 08:47:24: %SYS-5-CONFIG_I: Configured from console by console Apr 1 08:49:13: %SYS-5-CONFIG_I: Configured from console by console Rea Bicmear Stu Rs Ue a ere pepe esant ee Cear eke TM TES e Ae heme CE Cur CM Cau eRe ee te ministratively down emo lar a tpL Apr. 1 08:51:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEther Aerie) Ree scons ae CSC alos Som MC Settee elon on i acige eM aaa eRe ee POEM Peseta or eee Pe he Mer SeeCra BN or ener oer 3-UPDOWN: Interface FastEthern Read eet el eT ciao) k Configured from console b: I: Configured from con: PORN OC aL ecb ae forsee EPPS ERE Nemes me Me aT et ee ENERO ae eM at Te ig ee a eee mF 08:47:24: %SYS-S-CONFIG_I: Caras tiem: changed state face Fastethel changed state terface Fast&thelReset O(n iPM Ersts trib eno RR Uc st eee PR EES eS CHE IBS oye etl Ph Citra esse aco) NE ee ea MLs_: mera CO a sR Ce eC Ree MLS_1(config)#int fast 0/1 MLS_1(config-if)#logging event ? Piers tt) CUM a eT Tink-status Te Rey Woah rrettry cee ty Digest spanning-tree Spanning-tree Interface events ey SU eee eect subif-link-status Sub-interface UPDOWN and CHANGE messages rere ta Sheree eet eer PC CU ers MLS_1Cconfig-if)#Az Scar ISTE Fer EP Pato oe RT a MLS_1#conf t ' ast ines chad aApr 1 08:51:16: %LINEPROTO-5-UPDOWN: Line protocol on Inte Mes essa) Apr 1 08:51:20: %SYS-S-CONFIG_I: Configured from console by c MLS_1# ATicme rca aes Enter configuration commands, one per line. End with CNTL/Z Cua siaac or ayee maa a ead Presse Ptiontagn in a eee link-status De ey ae tee Ore aS renee pug ey Spanning-tree Interface events status Sa ieee eee Pe eae Aichi arate Paorinacs st povaescirree tests) eae #no logging event link-status Teeter tera re ety pr _1 08:52:26: XSYS-5-CONFIG_I: Configured from console by console ea ROmssual tests a, Re ead Reet scoat saaa omy pr 1 08 SYS-5-CONFIG_I: Configured from console _b any MeN ere brace Ma lade) Ve Tea eet oP eh aeeel oT Apr 1 08:30 YS-5-CONFIG_I: Configured from console by Apr 1 08:39 %SYS-5-CONFIG_I: Configured from console by co PMY Tee EEE er me) sie e ares Min eee ges EPEC Ee OE eo clo ea started - CLI initiated Apr__1_08:46:21.891: %SYS-S-CONFIG_I: Configured from console by 22:55:31: MSYS-5-CONFIG_I: Configured from console by console a pease se SST ea ame [Via ee Ese a ee a Pe sas Re protocol on Interface Fas Coie States eT fine protocol on Interface onfigured from console by c PIE eae) ecient es Mane eaeHh We Hap (Stamps) If your timestamps reflect an era long gone, it’s time to get MLs_1#sh 04755: Mee 1993 Yeah, like that! We can set the local device's time with clock that setting with clock timezone and clock summer-time. Note Tun as opposed to the other clock commands.e. eet TS ae eet vate) commands, of i Tica Reset ha L Ce ee ea ee pAlb et eee T MLS_1(config)#Az eee %SYS-5-CONFIG_I: Configured from console by console TES ae ta rae (See Soa Colo STS ae) ed SIRES eT am Mats MONTH Month of the year IMLS_1#clock set 09:09:00 April ? <1-31> Day of the month LS_1#clock set 09:09:00 April 1 ? <1993-2035> Year LS_l#clock set 09eee fia aret ard Ree aed MLS_l#clock set 09:09:00 ? EP ee Nee tay Pe os MLS_1#clock set 09:09:00 April 7 Rese ame lal ILS_1#clock set 09:09:00 April 1? <1993-2035> Year LS_1#clock set 09:09:00 April 1 2015 7 ° eS) ese cS a te RL ta ee ie ce ot) ane elk ie serene atm ae eS o a Herre iars 9 Bi<1993=2035> Year Mr a lock set 09:09:00 April 1 2015 7 SS SSE oS CR ae are ed ae Apr 1 09:09:00: Lata oad By ea au rT F uTc_wed Apr 1 2015 to 09 00 UTC Wed Apr 1 2015, configured Ory ee mea ris 09:09:03.758 UTC Wed Apr 1 2015 ‘on commands, one per line. LS_1(config)#clock ?. en Peer URES 23 Cua chat save Pers aaa with NVRAM q rer aL ea ed summer (daylight savings) time Pau Configure time zone eeeMLS_Ifclock set 13:43:00 March 25 2015 2 MIS _lfclock set 13:43:00 March 25 2015 4:59:01 sun Feb 2 console + $SYS-6-CLOCKUPDATE: System clock has been if 1993 to 13:43:00 EDT Wed Mar 25 2015, confMLS_1 (config) #clock timezone EST -5 MLS_1(config)#clock summer-time ? WORD name of time immer3_1 (config) #clock summer-time EDT 7 date Configure absolute summer time Fecurring Configure recurring summer time MLS_1(config)#clock summer-time EDT recurring <1-4> Week number to start first First week of the month last Last week be MLS_l (config) #clock summer-time EDT recurring The clock timezone command doesn't list every time zone in tht Coordinated Universal Time (UCT), so you gotta know yours! T live: | inthe United States, so I put Eastern Standard Time (EST) in fe “5 for the offset. For your personal reference, here’s the Wiki offsets: hittp://en.wikipedia.ora/wiki/List_of UTC time) offsets) clock set is okay for one or two routers, but in our netwerl t More routers and switches, and it’s vital they have Protocol (NTP) helps us make that happen.k eR CU ee aCe a Lal 4 aed initialize Initialize system clock on ow RE Sa summer-time Configure summer (daylight sav Pardo Configure time zone IMLS_1(config)#clock timezone ? Ue ak ae PSRs at A to " att. <-23 - 23> Hours Ls_1(config)#clock ETS Pare ie le Po UC s_1(config)#clock Pts Ce eaiier at Ta rl ae sites ce aa) Peta Ld summer-time EDT Cg ag wena diag re SM Be CeCar Las ac eae CRC) at ASL md Pr ree ar amd nar ae aed COR eM ue eT Dee ae es eae cried eae cet aes oa ear eT eet LS_1(config)#clock summer-time EDT date ? <1-31> Date to start Ps aig eee a) last Last week of the month ecoSaat ot tow ay The Network Time Protocol It’s vital for our routers and switches to have a central time source | network devices to synchronize their clocks. Doing so allows our sysl to have accurate and synched time throughout the network, making a lot less frustrating. Synched time is important for our digital certi and if you're using any kind of accounting in your network, accura time is a necessity. You haven't lived until you bill a department of a network resource - in a single month NTP allows us to specify time sources for our switches and Fol time source be another router in the same network or an externé A the very top of our NTP hierarchy are stratum-0 deviegs, BB can’t configure 4 Cisco router to get its time directlyStratum-0 Our Network MLS Can't Get Time Directly From Stratum-0 Clock“ite Tok vw te The number following “stratum” in non-stratum-0 devices indicates “hops away the device is from a stratum-0 device. (And you thought you with hops in RIP!) Stratum-1 servers are generally referred to as time servers, and we can confi ‘a Cisco router to get its time from a stratum-1 device. Stratum-0 Stratum-t your network's “outside” ro For the latest IP addresses of tl recommended that1 It’s strongly recommended that your network's “outside” router _ from a public NTP timeserver. For the latest IP addresses of these ser "a search on the term public NTP servers. Be sure not to block UDP port 1; or other routers in your network - that’s the port NTP uses. Cisco routers can serve as NTP servers, clients, or peers. They can NTP broadcasts for the correct time. The NTP server-client relati NTP Server (Master)<7 . broadcasts for the correct time. The NTP server- you'd expect, with the server giving the correct time to clients. io - 6 NTP Server NTP Client (’Master”) Clients accept the time synch message from the server and set their accordingly. Clients do NOT sent NTP time synch messages back to the! We're not limited to the traditional Server/Client relationship with, Send NTP messages to each other, and either peer can send time SI the other BS. The Timesg Re en md ve te "7 NTP Server NTP client ("Master") Clients accept the time synch message from the server and set their accordingly. Clients do NOT sent NTP time synch messages back to ‘the: We're not limited to the traditional Server/Client relationship with NTP. send NTP messages to each other, and either peer can send time synch mess the other. ‘ — a The Time Time Synch Messages NTP client (2-Way) AND Peer Of and Router We can choose to run NTP in broadcast mode or multicast modes these methods, the server broadcasts or multicasts, Its NTE iis Hlents must be able to receive — otherwise, we're wasting Ug Hm | routers don’t forward broadcasts or multicasts, NIP-based NTP Server (master)Pes Duce: pt ‘ate Vey | ___ It’s highly recommended an NTP public timeserver be used as time source. Should you choose to use one of your network route Master, it’s imperative you use NTP authentication and/or ACLs to prev from outside your network from attempting to synch with one of your ae In our lab, we'll configure MLS_1 as our NTP Master and a ti ROUTER. 3 configured as a client of MLS 1. As always, the router numb the last octet of each IP address. 3 Mg The Time NTP ServerIn our lab, we'll configure MLS_1 as our NTP Master and a ROUTER_3 configured as a client of MLS_1. As always, the router the last octet of each IP address. ——> The Time Let's check the clock on our NTP-Master-to-be. It ain't 1993, so we'll take it!_ Our NTP options: pel atecns Riis> s J #nep mastaE ee aka) ue 41 UTC Mon Mar 1 1993 to 09:41:00 UTC wed Apr 1 2015, c ae eee mala 1:04.043 UTC Wed Apr 1 2015 eee ae Enter configuration commands, one per line. ei Cee Lats ee eel ee Le allow Allow processing of packets EM arts ate ea ee god authentication-key Authentication key for trusted time sources [i a Lae broadcastdelay Estimated round-trip delay clock-period Length of hardware clock tick ath) a ae ed cr cae Us eae max-associations Ota ae ea crue) Pom roti rie We cata Pe a ee peer Car ed ta Peal ee Lae ee es Configure interface for source address bagi a Oe Key numbers for trusted time sources