Syslog messages that appear on a Cisco device consists of several parts. Consider the following message:
*Jan 18 03:02:42: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
The message consists of the following parts:
- Jan 18 03:02:42 – the timestamp
- %LINEPROTO – the source that generated the message. It can be a hardware device (e,g. a router), a protocol, or a module of the system software.
- 5 – the severity level, from 0 to 7, with lower numbers being more critical.
- UPDOWN – the unique mnemonic for the message
- Line protocol on Interface GigabitEthernet0/0, changed state to down – the description of the event
Severity levels are numbered 0 to 7:
- 0 – emergency (System unusable)
- 1 – alert (Immediate action needed)
- 2 – critical events (Critical condition)
- 3 – error events (Error condition)
- 4 – warning events (Warning condition)
- 5 – notification events (Normal but significant condition)
- 6 – informal events (Informational message only)
- 7 – debug messages (Appears during debugging only)
In our example the message has the severity level of 5, which is a notification event. The first five levels (0-4) are used by messages that indicate that the functionality of the device is affected. Levels 5 and 6 are used by notification messages, while the level 7 is reserved for debug messages.
The severity levels can be used to specify the type of messages that will be logged. For example, if you think that you are getting too many non-important messages when logged in through a console, the global configuration command logging console 2 will instruct the device to only log messages of the severity level 0, 1 and 2 to the console.