logging

logging {<IPV4-ADDR> | <IPV6-ADDR> | <FQDN | HOSTNAME>} [{udp [<PORT-NUM>]} | {tcp [<PORT-NUM>]} | {tls [<PORT-NUM>] [auth-mode {certificate|subject-name}] [legacy-tls-renegotiation]}] [severity <LEVEL>] [vrf <VRF-NAME>] [include-auditable-events] [filter <FILTER-NAME>] [rate-limit-burst <BURST> [rate-limit-interval <INTERVAL>]]

no logging {<IPV4-ADDR> | <IPV6-ADDR> | <FQDN | HOSTNAME> }

Description

Enables syslog forwarding to a remote syslog server.

The no form of this command disables syslog forwarding to a remote syslog server.

Parameter

Description

{<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>}

Selects the IPv4 address, IPv6 address, or host name of the remote syslog server. Required.

[udp [<PORT-NUM>] | tcp [<PORT-NUM>] | tls [<PORT-NUM>]]

Specifies the UDP port, TCP port, or TLS port of the remote syslog server to receive the forwarded syslog messages.

udp [<PORT-NUM>]

Range: 1 to 65535. Default: 514

tcp [<PORT-NUM>]

Range: 1 to 65535. Default: 1470

tls [<PORT-NUM>]

Range: 1 to 65535. Default: 6514

include-auditable-events

Specifies that auditable messages are also logged to the remote syslog server.

severity <LEVEL>

Specifies the severity of the syslog messages:

  • alert: Forwards syslog messages with the severity of alert (6) and emergency (7).
  • crit: Forwards syslog messages with the severity of critical (5) and above.
  • debug: Forwards syslog messages with the severity of debug (0) and above.
  • emerg: Forwards syslog messages with the severity of emergency (7) only.
  • err: Forwards syslog messages with the severity of err (4) and above.
  • info: Forwards syslog messages with the severity of info (1) and above. Default.
  • notice: Forwards syslog messages with the severity of notice (2) and above.
  • warning: Forwards syslog messages with the severity of warning (3) and above.

auth-mode

Specifies the TLS authentication mode used to validate the certificate.

  • certificate: Validates the peer using trust anchor certificate based authentication. Default.
  • subject-name: Validates the peer using trust anchor certificates as well as subject-name based authentication.

legacy-tls-renegotiation

Enables the TLS connection with a remote syslog server supporting legacy renegotiation.

filter <FILTER-NAME>

Specifies the name of the filter to be applied on the syslog messages.

rate-limit-burst <BURST>

Specifies the rate limit for the messages sent to the remote syslog server.

rate-limit-interval <INTERVAL>

Specifies the rate limit interval in seconds. Default: 30 seconds.

vrf <VRF-NAME>

Specifies the VRF used to connect to the syslog server. Optional. Default: default

Examples

Enabling the syslog forwarding to remote syslog server 10.0.10.2:

switch(config)# logging 10.0.10.2

Enabling the syslog forwarding of messages with a severity of err (4) and above to TCP port 4242 on remote syslog server 10.0.10.9 with VRF lab_vrf:

switch(config)# logging 10.0.10.9 tcp 4242 severity err vrf lab_vrf

Disabling syslog forwarding to a remote syslog server:

switch(config)# no logging

Enabling syslog forwarding over TLS to a remote syslog server using subject-name authentication mode:

switch(config)# logging example.com tls auth-mode subject-name

Applying log filtering for syslog server forwarding:

switch(config)# logging 10.0.10.6 severity info filter filter_lldp_logs vrf mgmt

Applying log filtering and enabling the rate limit for syslog server forwarding over TCP port:

switch(config)# logging 10.0.10.2 tcp 3440 severity err vrf mgmt include-auditable-events filter filter_lldp_logs rate-limit-burst 3 rate-limit-interval 35
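Auditing configured syslog destinations (an added example, not part of the original command reference or the vendor's tooling): the script below parses `logging` lines using the keywords and default ports documented above and reports destinations that forward in cleartext, skip the subject-name check, allow legacy renegotiation, or omit auditable events. The finding labels and function names are hypothetical, and treating a line with no transport keyword as UDP is an assumption.

```python
DEFAULT_PORT = {"udp": 514, "tcp": 1470, "tls": 6514}   # defaults from the parameter list
VALUE_OPTS = ("auth-mode", "severity", "vrf", "filter",
              "rate-limit-burst", "rate-limit-interval")
FLAGS = {"legacy-tls-renegotiation": "legacy_reneg", "include-auditable-events": "audit_events"}

def parse_logging(line):
    """Parse one 'logging ...' line; returns None for other lines (including 'no logging')."""
    tok = line.split()
    if len(tok) < 2 or tok[0] != "logging":
        return None
    # Assumption: with no transport keyword the switch forwards over UDP port 514.
    cfg = {"server": tok[1], "transport": "udp", "port": DEFAULT_PORT["udp"],
           "legacy_reneg": False, "audit_events": False}
    i = 2
    while i < len(tok):
        t = tok[i]
        if t in DEFAULT_PORT:
            cfg["transport"], cfg["port"] = t, DEFAULT_PORT[t]
            if i + 1 < len(tok) and tok[i + 1].isdigit():   # optional <PORT-NUM>
                i += 1
                cfg["port"] = int(tok[i])
        elif t in VALUE_OPTS and i + 1 < len(tok):          # keyword followed by a value
            i += 1
            cfg[t.replace("-", "_")] = tok[i]
        elif t in FLAGS:                                    # bare keyword
            cfg[FLAGS[t]] = True
        i += 1
    if cfg["transport"] == "tls":
        cfg.setdefault("auth_mode", "certificate")          # documented default
    return cfg

def audit(cfg):
    """Return finding labels (hypothetical names) for one parsed destination."""
    tls = cfg["transport"] == "tls"
    checks = [("cleartext-transport", not tls),             # udp/tcp are not encrypted
              ("no-subject-name-check", tls and cfg.get("auth_mode") == "certificate"),
              ("legacy-renegotiation", tls and cfg["legacy_reneg"]),
              ("audit-events-not-forwarded", not cfg["audit_events"])]
    return [name for name, hit in checks if hit]

# First three lines are this page's examples; the last is constructed for illustration.
SAMPLE = """logging 10.0.10.2
logging 10.0.10.9 tcp 4242 severity err vrf lab_vrf
logging example.com tls auth-mode subject-name
logging 192.0.2.10 tls legacy-tls-renegotiation vrf mgmt include-auditable-events"""

def audit_config(text):
    return {c["server"]: audit(c) for c in map(parse_logging, text.splitlines()) if c}
```

Calling `audit_config(SAMPLE)` returns a dictionary mapping each server to its list of findings; an empty list means none of the four checks fired.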

Command History

Release: 10.07 or earlier

Modification: --

Command Information

Platforms: All platforms

Command context: config

Authority: Administrators or local user group members with execution rights for this command.