There are three steps to configuring the router to send system messages to a syslog server where they can be stored, filtered, and analyzed:
Step 1. Configure the destination hostname or IP address of the syslog server in global configuration mode:
R1(config)# logging 192.168.1.3
Step 2. Control the messages that will be sent to the syslog server with the logging trap level global configuration mode command. For example, to limit the messages to levels 4 and lower (0 to 4), use one of the two equivalent commands:
R1(config)# logging trap 4
R1(config)# logging trap warning
Step 3. Optionally, configure the source interface with the logging source-interface interface-type interface number global configuration mode command. This specifies that syslog packets contain the IPv4 or IPv6 address of a specific interface, regardless of which interface the packet uses to exit the router. For example, to set the source interface to g0/0, use the following command:
R1(config)# logging source-interface g0/0
In Figure 1, R1 is configured to send log messages of levels 4 and lower to the syslog server at 192.168.1.3. The source interface is set as the G0/0 interface. A loopback interface is created, then shut down, and then brought back up. The console output reflects these actions.
Shown in Figure 2, the Tftpd32 syslog server has been set up on a Windows 7 machine with IP address 192.168.1.3. As you can see, the only messages that appear on the syslog server are those with severity level of 4 or lower (more severe). The messages with severity level of 5 or higher (less severe) appear on the router console output, but do not appear on the syslog server output, because the logging trap limits the syslog messages sent to the syslog server based on severity.