It is really a pain when your cisco equipment freezes and overwrites all the logs when it reboots to tell you that the interfaces are back up. You have no clue why it went down or what happened 5 seconds before. That’s why we need the syslogger..!!
You can get a free one for one device from Syslog Watcher Personal Edition or get the personal edition or KIWI which is really well rated.
Syslog Configuration and Cisco Devices
Syslog reserves facilities “local0″ through “local7″ for log messages received from remote servers and network devices. Routers, switches, firewalls and load balancers each logging with a different facility can each have their own log files for easy troubleshooting. The following examples will show how to have a different log file for each class of device.
If you have a large data center, then you may also want to switch off all logging to /var/log/messages as suggested above for the home/SOHO environment. In all the network device configuration examples below we are logging to the remote Linux logging server 192.168.1.100 which we set up in the previous section.
Cisco Routers
By default Cisco routers send syslog messages to their logging server with a default facility of local7. We won’t set the facility in this case, but we can tell the router to timestamp the messages and make the messages have the source IP address of the loopback interface.
service timestamps log datetime localtime
no logging console
no logging monitor
logging 192.168.1.100Catalyst CAT Switches running CATOS
By default Cisco switches also send syslog messages to their logging server with a default facility of local7. We won’t change this facility either, therefore making routers and switches log to the same file.
set logging server enable
set logging server 192.168.1.100
set logging level all 5
set logging server severity 6
Taken from : http://www.linuxhomenetworking.com/cisco-hn/syslog-cisco.htm
