logging

Do you have SysLog server, or you want to keep log internally in the switch? What is switch model? For IOS switches you can do following:

conf t logg on logg buff logg or logg host

Good luck,

Mike

Do Setup a Syslog server on a lcoal machine Configure the Syslog server on the IOS Switch

Go through:

CK

t> I want to start logging all messages on my switch. like who ssh in, etc >

Yes, its a 4506 and 4503s. also some 3750s

logging buffered doesn't send to any host, only to an internal memory buffer. You need "logging trap" in order to send to a syslog host.

As to what level you should use... given the list of things you wanted to log, I'd say that you should log at least "information" (6) or perhaps even "debugging" (7). Start with debugging, and look at the various % messages that get emitted; the number after the dash is the logging level that is needed in order to log that message. If you find, for example, that everything you really want to see is %something-1 or -2 or -3 or -4 and the -5 and -6 just bore you and clog everything up, then set the logging level to 4 (warnings).

Yes, of course it will. If you get one syslog message per second, then then maximum usable capacity of that ethernet link would be reduced from 148810 packets per second to 148809 packets per second.

Logging takes bandwidth. Logging takes processing time. Logging is UDP by default, which is inherently unreliable. The destination system or something in-between might drop the packet and the destination logger would never know unless you switch to TCP logging. Logging rates are, if I recall correctly, throttled by default; UDP syslog messages may just be thrown away. And if memory serves me, at least one model (don't know about the 450x line) saves log messages and sends them in bursts to reduce CPU usage.

How fast is your logging machine? How many events do you expect to generate per second? If you suspect you might generate enough events to be a significant load on the 450x's or the logging device, then you should be considering the important question of how you are going to store all those log entries and how you are going to analyze them. If you aren't going to analyze them, no point in generating them...