logging

Syntax

logging {<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>} 
     [udp [<PORT-NUM>] | tcp [<PORT-NUM>]| tls [<PORT-NUM>]] 
     [include-auditable-events] [severity <LEVEL>] [vrf <VRF-NAME>]
logging {<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>} 
     [tls [<PORT-NUM>]] [auth-mode {certificate|subject-name}] 
     [legacy-tls-renegotiation] [include-auditable-events] [severity <LEVEL>] 
     [vrf <VRF-NAME>]
no logging {<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>}

Description

Enables syslog forwarding to a remote syslog server.

The no form of this command disables syslog forwarding to a remote syslog server.

Command context

config

Parameters

{<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>}
Selects the IPv4 address, IPv6 address, or host name of the remote syslog server. Required.
[udp [<PORT-NUM>] | tcp [<PORT-NUM> | tls [<PORT-NUM>]]

Specifies the UDP port, TCP port, or TLS port of the remote syslog server to receive the forwarded syslog messages.

udp [<PORT-NUM>]

Range: 1 to 65535. Default: 514

tcp [<PORT-NUM>]

Range: 1 to 65535. Default: 1470

tls [<PORT-NUM>]

Range: 1 to 65535. Default: 6514

include-auditable-events

Specifies that auditable messages are also logged to the remote syslog server.

severity <LEVEL>
Specifies the severity of the syslog messages:
  • alert: Forwards syslog messages with the severity of alert (6) and emergency (7).

  • crit: Forwards syslog messages with the severity of critical (5) and above.

  • debug: Forwards syslog messages with the severity of debug (0) and above.

  • emerg: Forwards syslog messages with the severity of emergency (7) only.

  • err: Forwards syslog messages with the severity of err (4) and above

  • info: Forwards syslog messages with the severity of info (1) and above. Default.

  • notice: Forwards syslog messages with the severity of notice (2) and above.

  • warning: Forwards syslog messages with the severity of warning (3) and above.

auth-mode

Specifies the TLS authentication mode used to validate the certificate.

  • certificate: Validates the peer using trust anchor certificate based authentication. Default.

  • subject-name: Validates the peer using trust anchor certificates as well as subject-name based authentication.

legacy-tls-renegotiation

Enables the TLS connection with a remote syslog server supporting legacy renegotiation.

vrf <VRF-NAME>

Specifies the VRF used to connect to the syslog server. Optional. Default: default

Authority

Administrators or local user group members with execution rights for this command.

Examples

Enabling the syslog forwarding to remote syslog server 10.0.10.2:

switch(config)# logging 10.0.10.2

Enabling the syslog forwarding of messages with a severity of err (4) and above to TCP port 4242 on remote syslog server 10.0.10.9 with VRF lab_vrf:

switch(config)# logging 10.0.10.9 tcp 4242 severity err vrf lab_vrf

Disabling syslog forwarding to a remote syslog server:

switch(config)# no logging

Enabling syslog forwarding over TLS to a remote syslog server using subject-name authentication mode:

switch(config)#logging example.com tls auth-mode subject-name