logging

Syntax

logging {<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>} 
     [udp [<PORT-NUM>] | tcp [<PORT-NUM>]| tls [<PORT-NUM>]] 
     [include-auditable-events] [severity <LEVEL>] [vrf <VRF-NAME>]

logging {<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>} 
     [tls [<PORT-NUM>]] [auth-mode {certificate|subject-name}] 
     [legacy-tls-renegotiation] [include-auditable-events] [severity <LEVEL>] 
     [vrf <VRF-NAME>]

no logging {<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>}

Description

Enables syslog forwarding to a remote syslog server.

The no form of this command disables syslog forwarding to a remote syslog server.

Command context

config

Parameters

{<IPV4-ADDR> | <IPV6-ADDR> | <HOSTNAME>}

Selects the IPv4 address, IPv6 address, or host name of the remote syslog server. Required.

[udp [<PORT-NUM>] | tcp [<PORT-NUM> | tls [<PORT-NUM>]]

Specifies the UDP port, TCP port, or TLS port of the remote syslog server to receive the forwarded syslog messages.

udp [<PORT-NUM>]: Range: 1 to 65535. Default: 514
tcp [<PORT-NUM>]: Range: 1 to 65535. Default: 1470
tls [<PORT-NUM>]: Range: 1 to 65535. Default: 6514

include-auditable-events

Specifies that auditable messages are also logged to the remote syslog server.

severity <LEVEL>

Specifies the severity of the syslog messages:

alert: Forwards syslog messages with the severity of alert (6) and emergency (7).
crit: Forwards syslog messages with the severity of critical (5) and above.
debug: Forwards syslog messages with the severity of debug (0) and above.
emerg: Forwards syslog messages with the severity of emergency (7) only.
err: Forwards syslog messages with the severity of err (4) and above
info: Forwards syslog messages with the severity of info (1) and above. Default.
notice: Forwards syslog messages with the severity of notice (2) and above.
warning: Forwards syslog messages with the severity of warning (3) and above.

auth-mode

Specifies the TLS authentication mode used to validate the certificate.

certificate: Validates the peer using trust anchor certificate based authentication. Default.
subject-name: Validates the peer using trust anchor certificates as well as subject-name based authentication.

legacy-tls-renegotiation

Enables the TLS connection with a remote syslog server supporting legacy renegotiation.

vrf <VRF-NAME>

Specifies the VRF used to connect to the syslog server. Optional. Default: default

Authority

Administrators

Examples

Enabling the syslog forwarding to remote syslog server 10.0.10.2:

switch(config)# logging 10.0.10.2

Enabling the syslog forwarding of messages with a severity of err (4) and above to TCP port 4242 on remote syslog server 10.0.10.9 with VRF lab_vrf:

switch(config)# logging 10.0.10.9 tcp 4242 severity err vrf lab_vrf

Disabling syslog forwarding to a remote syslog server:

switch(config)# no logging

Enabling syslog forwarding over TLS to a remote syslog server using subject-name authentication mode:

switch(config)#logging example.com tls auth-mode subject-name