Logging
Logging provides comprehensive event recording and monitoring capabilities that capture, categorize, and distribute system messages based on configurable severity levels from emergency to debugging. It supports multiple output destinations including console, buffer, file storage, and remote syslog servers with flexible transport options including UDP, TCP, and secure TLS connections. Logging configuration enables centralized log collection, real-time monitoring, forensic analysis, and compliance reporting by providing detailed visibility into device operations, security events, and network behavior patterns.
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”configuration (iosxe.devices)
Section titled “configuration (iosxe.devices)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| logging | Class | [logging] | No |
logging (iosxe.devices.configuration)
Section titled “logging (iosxe.devices.configuration)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| monitor_severity | String | No | ||
| buffered_size | Integer | min: 4096, max: 2147483647 | No | |
| buffered_severity | String | No | ||
| console | Boolean | true, false | No | |
| console_severity | String | No | ||
| facility | Choice | auth, cron, daemon, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, sys10, sys11, sys12, sys13, sys14, sys9, syslog, user, uucp | No | |
| history_size | Integer | min: 0, max: 65535 | No | |
| history_severity | String | No | ||
| trap | Boolean | true, false | No | |
| trap_severity | String | No | ||
| origin_id_type | Choice | hostname, ip, ipv6 | No | |
| origin_id_name | String | No | ||
| file_name | String | No | ||
| file_max_size | Integer | min: 0, max: 4294967295 | No | |
| file_min_size | Integer | min: 0, max: 4294967295 | No | |
| file_severity | String | No | ||
| source_interface_type | Choice | Loopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernet | No | |
| source_interface_id | String | No | ||
| source_interfaces_vrf | List | [source_interfaces_vrf] | No | |
| hosts | List | [hosts] | No |
source_interfaces_vrf (iosxe.devices.configuration.logging)
Section titled “source_interfaces_vrf (iosxe.devices.configuration.logging)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| vrf | String | Yes | ||
| interface_type | Choice | Loopback, Vlan, GigabitEthernet, TwoGigabitEthernet, FiveGigabitEthernet, TenGigabitEthernet, TwentyFiveGigabitEthernet, FortyGigabitEthernet, HundredGigabitEthernet | No | |
| interface_id | String | No |
hosts (iosxe.devices.configuration.logging)
Section titled “hosts (iosxe.devices.configuration.logging)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| vrf | String | No | ||
| transport_udp_ports | List | Integer[min: 1, max: 65535] | No | |
| transport_tcp_ports | List | Integer[min: 1, max: 65535] | No | |
| transport_tls_ports | List | [transport_tls_ports] | No |
transport_tls_ports (iosxe.devices.configuration.logging.hosts)
Section titled “transport_tls_ports (iosxe.devices.configuration.logging.hosts)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| port | Integer | min: 1025, max: 65535 | Yes | |
| profile | String | No |
By capturing, categorizing, and distributing system messages to various destinations, logging enables real-time analysis, compliance, and operational visibility.
Logging Parameters
Section titled “Logging Parameters”Key Components:
Monitor Severity (
monitor_severity): Sets the severity level for messages displayed on the terminal.Buffered Log Size and Severity (
buffered_size,buffered_severity): Configures the size and severity level for the internal logging buffer.Console Logging (
console,console_severity): Enables console logging and sets the severity level for messages sent to the console.Facility (
facility): Specifies the syslog facility for remote logging.History Size and Severity (
history_size,history_severity): Configures the size and severity level for the logging history.Trap Logging (
trap,trap_severity): Enables SNMP trap logging and sets the severity level.Origin ID Type and Name (
origin_id_type,origin_id_name): Sets the origin ID for syslog messages.Source Interface (
source_interface_type,source_interface_id): Specifies the source interface for outgoing syslog messages.File Logging (
file_name,file_max_size,file_severity): Configures file logging with name, maximum size, and severity.Remote Syslog Hosts (
hosts): Defines remote syslog servers with IP, VRF, transport type/ports, and TLS profile.Source Interfaces VRF (
source_interfaces_vrf): Specifies source interfaces for syslog messages within a VRF.
Key Parameters Briefly Explained:
monitor_severity: Terminal message severity.buffered_size,buffered_severity: Buffer size and severity.console,console_severity: Console logging enable and severity.facility: Syslog facility.history_size,history_severity: History log settings.trap,trap_severity: SNMP trap logging.origin_id_type,origin_id_name: Syslog origin ID.source_interface_type,source_interface_id: Source interface for syslog.file_name,file_max_size,file_severity: File logging settings.hosts: Remote syslog host configuration.source_interfaces_vrf: VRF-specific source interfaces.
You can use these Logging parameters to control how system messages are recorded, filtered, and distributed. Customize severity levels, output destinations, and transport options to fit your network’s monitoring requirements, security policies, and compliance needs. Adjusting these parameters lets you tailor visibility into device operations and network behavior.
Sample Configuration
Section titled “Sample Configuration”The following configuration describes how to set up logging on a Cisco IOS-XE device, including monitor, buffered, console, file, and remote syslog host settings, severity levels, source interfaces, and transport protocols.
logging monitor informationallogging buffered 16000logging console warningslogging facility local0logging history size 100logging history informationallogging trap informationallogging origin-id hostnamelogging source-interface Loopback0logging file device-logs.txt 1000000 debugging!logging host 2001::1 transport udp port 514logging host 2001::1 transport udp port 10000logging host 2001::1 transport tcp port 10001logging host 2001::1 transport tcp port 10003logging host 2001::1 transport tls port 6514 profile TLS-PROFILE-1logging host vrf MGMT 192.168.5.24logging host vrf MGMT 192.168.5.24 transport udp port 514Example YAML Code
Section titled “Example YAML Code”The following YAML code defines logging configuration on an IOS-XE device, including monitor, buffered, console, history, and file logging settings, along with remote syslog hosts configured with various transport options, VRF associations, and source interface settings.
iosxe: devices: - name: Device1 configuration: logging: monitor_severity: informational buffered_size: 16000 buffered_severity: informational console_severity: warnings facility: local0 history_size: 100 history_severity: informational trap: true trap_severity: informational origin_id_type: hostname origin_id_name: CORE-SW-01 source_interface_type: Loopback source_interface_id: "0" file_name: device-logs.txt file_max_size: 1000000 file_severity: debugging source_interfaces_vrf: - vrf: MGMT interface_type: Vlan interface_id: "100" hosts: - ip: 2001::1 transport_udp_ports: - 514 - 10000 transport_tcp_ports: - 10001 - 10003 transport_tls_ports: - port: 6514 profile: TLS-PROFILE-1 - ip: 192.168.5.24 vrf: MGMT transport_udp_ports: - 514