Syslog explained

Syslog is a standard for message logging. Syslog messages are generated on Cisco devices whenever an event takes place – for example, when an interface goes down or a port security violation occurs.

You’ve probably already encountered syslog messages when you were connected to a Cisco device through the console – Cisco devices show syslog messages by default to the console users:

R1#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down

This is because the logging console global configuration command is enabled by default. SSH and Telnet users need to execute the terminal monitor EXEC mode command in order to see the messages:

R1#terminal monitor
R1#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

In the example above you can see that the logged-in user executed the terminal monitor command. Because of that, the Telnet user was notified via a syslog message when the Gi0/1 interface went up a couple of moments later.

It is recommended to store the logs generated by Cisco devices on a central syslog server. To instruct a device to send logs to the syslog server, we can use the logging IP_ADDRESS command:

R1(config)#logging 10.0.0.10

Now, logs generated on R1 will be sent to the syslog server with the IP address of 10.0.0.10. Of course, you need to have a Syslog server (e.g. Kiwi syslog) installed and configured.

NOTE
It is also possible (and recommended) to specify a hostname instead of the IP address in the logging command. The command is logging host HOSTNAME.
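
Once logs reach the central server, the %FACILITY-SEVERITY-MNEMONIC header seen in the messages above can be parsed to separate urgent events from routine ones. The following Python sketch is an added example, not part of the original article or any Cisco tool; the function names, the severity threshold of 4 and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Cisco IOS severity levels, indexed by number (0 is the most severe).
SEVERITY = ("emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging")

# %FACILITY-SEVERITY-MNEMONIC: description
# search() is used so a timestamp or sequence prefix in front of '%' is skipped.
MSG_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):\s*(.*)")
IFACE_RE = re.compile(r"Interface (\S+?),")

def parse(line):
    """Return a dict for one Cisco syslog line, or None if it does not match."""
    m = MSG_RE.search(line)
    if not m:
        return None
    facility, sev, mnemonic, text = m.groups()
    return {"facility": facility, "severity": int(sev),
            "level": SEVERITY[int(sev)], "mnemonic": mnemonic,
            "text": text.strip()}

def triage(lines, threshold=4):
    """Split lines into urgent events (severity <= threshold), per-interface
    UPDOWN counts, and lines that failed to parse (kept, not dropped)."""
    urgent, flaps, unparsed = [], Counter(), []
    for line in lines:
        ev = parse(line)
        if ev is None:
            if line.strip():
                unparsed.append(line)
            continue
        if ev["severity"] <= threshold:
            urgent.append(ev)
        if ev["mnemonic"] == "UPDOWN":
            m = IFACE_RE.search(ev["text"])
            if m:
                flaps[m.group(1)] += 1
    return urgent, flaps, unparsed

# Constructed sample input: the first line is the message shown above; the
# timestamp prefix, the port-security line and the last line are made up.
SAMPLE = [
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down",
    "*Mar  1 00:05:12.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up",
    "%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.1111.2222 on port FastEthernet0/1.",
    "garbled line without a Cisco message header",
]

if __name__ == "__main__":
    urgent, flaps, unparsed = triage(SAMPLE)
    for ev in urgent:
        print(f"[{ev['level']}] {ev['facility']}/{ev['mnemonic']}: {ev['text']}")
    print(dict(flaps), f"{len(unparsed)} unparsed")
```

Lines that do not parse are returned rather than discarded, so a truncated or malformed message on the server is still visible for review.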
