Configuring Syslog on a Cisco Nexus Switch

There's a couple of default VRF configured on the Cisco Nexus switch: default and management. The management VRF will be used if the Nexus switch is configured with a static default route (a Layer 3 switch).

N5K# show vrf

VRF-Name                           VRF-ID State   Reason                       

default                                 1 Up      --                           

management                              2 Up      --

N5K# configure terminal

Enter configuration commands, one per line.  End with CNTL/Z.

N5K(config)# logging ?

  console           Set console logging

  event             Interface events

  history           Modifies severity level or size for history table

  ip                IP configuration

  level             Facility parameter for syslog messages

  logfile           Set File logging

  message           Interface events

  module            Set module(linecard) logging

  monitor           Set terminal line(monitor) logging level

  origin-id         Enable origin information for Remote Syslog Server

  persistent        Set persistent logging

  rate-limit        Enables rate limit for log messages

  server            Enable forwarding to Remote Syslog Server

  source-interface  Enable Source-Interface for Remote Syslog Server

  timestamp         Set logging timestamp granularity

N5K(config)# logging origin-id ?
  hostname  Use hostname as origin-id of logging messages
  ip        Use ip address as origin-id of logging messages
  string    Use text string as origin-id of logging messages

N5K(config)# logging origin-id hostname    // THIS WILL DISPLAY THE DEVICE HOSTNAME IN SYSLOG

N5K(config)# logging server ?

  A.B.C.D|A:B::C:D|WORD  Hostname/IPv4/IPv6 address of the Remote Syslog Server

N5K(config)# logging server 10.9.6.7 ?

  <CR>     

  <0-7>     0-emerg;1-alert;2-crit;3-err;4-warn;5-notif;6-inform;7-debug

  facility  Facility to use when forwarding to server

  port      Destination Port when forwarding to remote server

  use-vrf   Display per-VRF information

N5K(config)# logging server 10.9.6.7 6 use-vrf ?

  WORD        VRF name (Max Size 32)

  default     Known VRF name

  management  Known VRF name

N5K(config)# logging server 10.9.6.7 6 use-vrf management

If you've configured Syslog with a wrong VRF, the show logging output will display an error "This server is temporarily unreachable." Ensure the Syslog IP address is reachable on the configured VRF. Note the default Syslog severity level is 6 (information) and default UDP port 514.

N5K# show logging

Logging console:                disabled

Logging monitor:                enabled (Severity: notifications)

Logging linecard:               enabled (Severity: notifications)

Logging fex:            enabled (Severity: notifications)

Logging timestamp:              Seconds

Logging source-interface :      disabled

Logging server:                 enabled

{10.9.6.7}

        server severity:        information

        server facility:        local7

        server VRF:             management

        server port:            514

Logging origin_id :             enabled (string: N5K)

Logging logflash:               disabled

Logging rate-limit:             enabled

Logging logfile:                enabled

        Name - messages: Severity - notifications Size - 4194304

Logging persistent :            disabled (Reason: Logflash CF card not online.)

N5K# ping 10.9.6.7 vrf management

PING 10.9.6.7 (10.9.6.7): 56 data bytes

64 bytes from 10.9.6.7: icmp_seq=0 ttl=232 time=35.613 ms

64 bytes from 10.9.6.7: icmp_seq=1 ttl=232 time=35.573 ms

64 bytes from 10.9.6.7: icmp_seq=2 ttl=232 time=35.69 ms

64 bytes from 10.9.6.7: icmp_seq=3 ttl=232 time=35.523 ms

64 bytes from 10.9.6.7: icmp_seq=4 ttl=232 time=35.57 ms

--- 10.9.6.7 ping statistics ---

5 packets transmitted, 5 packets received, 0.00% packet loss

round-trip min/avg/max = 35.523/35.593/35.69 ms