Syslog

Question 1

Which alerts will be seen on the console when running the command: logging console warnings?

A. warnings only
B. warnings, notifications, error, debugging, informational
C. warnings, errors, critical, alerts, emergencies
D. notifications, warnings, errors
E. warnings, errors, critical, alerts

Answer: C

Explanation

The Message Logging is divided into 8 levels as listed below:

Level Keyword Description
0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages

The highest level is level 0 (emergencies). The lowest level is level 7. If you specify a level with the “logging console level” command, that level and all the higher levels will be displayed. For example, by using the “logging console warnings” command, all the logging of emergencies, alerts, critical, errors, warnings will be displayed.

Question 2

Network engineer wants to configure logging to compile and send information to an external server. Which type of logging must be configured?

A. Terminal
B. Syslog
C. Buffer
D. Console

Answer: B

Explanation

Syslog can be configured to send messages to an external server for storing. The storage size does not depend on the router’s resources and is limited only by the available disk space on the external Syslog server. For example, to instruct our router to send Syslog messages to 192.168.1.2 we can simply use only this command (all parameters are at default values):

R1(config)#logging 192.168.1.2

We cannot send other options (terminal, buffer, console) to external server.

Question 3

Which command do you enter to display log messages with a timestamp that includes the length of time since the device was last rebooted?

A. service timestamps log uptime
B. logging facility 20
C. service timestamps debugging localtime msec
D. logging console errors
E. logging monitor 7
F. service timestamps log datetime msec

Answer: A

Explanation

The “service timestamps log uptime” enables timestamps on log messages, showing the time since the system was rebooted. For example:

00:00:46: %LINK-3-UPDOWN: Interface Port-channel1, changed state to up

Question 4

A network engineer enables a trunk port and encounters the following message:

%LINEPROTO-5- UPDOWN: Line protocol on Interface FastEthernet 1/1, changed state to up.

What is the severity level of this message?

A. alert
B. critical
C. notification
D. informational

Answer: C

Explanation

Syslog levels are listed below:

Level Keyword Description
0 emergencies System is unusable
1 alerts Immediate action is needed
2 critical Critical conditions exist
3 errors Error conditions exist
4 warnings Warning conditions exist
5 notification Normal, but significant, conditions exist
6 informational Informational messages
7 debugging Debugging messages

Number “5” in “%LINEPROTO-5- UPDOWN” is the severity level of this message so in this case it is “notification”.

Question 5

Up/ down interface, what log severity level?

A. level 3
B. level 4
C. level 5
D. level 0

Answer: A

Explanation

Maybe this question wants to mention about this Syslog message:

00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet1/0/1, changed state to up

-> The log secerity level of this warning is 3 – errors

Question 6

The network engineer types the follow commands in a router:

logging host 172.16.10.12 logging trap 5

What do these commands do?

A. Export messages of notifications for an external server
B. Show notifications in CLI
C. Sends info to host 172.16.10.12 with notifications less than or equal to 5
D. Sends info to host 172.16.10.12 with notifications greater than or equal to 5

Answer: C

Question 7

A network engineer executes the commands “logging host 172.16.200.225” and “logging trap 5”. Which action results when these two commands are executed together?

A. Logging messages that have a debugging severity level are sent to the remote server 172.16.200.225.
B. Logged information is stored locally, showing the sources as 172.16.200.225
C. Logging messages that have any severity level are sent to the remote server 172.16.200.225
D. Logging messages that have a severity level of “notifications” and above (numerically lower) are sent to the remote server 172.16.200.225

Answer: D

Question 8

After a recent DoS attack on a network, senior management asks you to implement better logging functionality on all IOS-based devices. Which two actions can you take to provide enhanced logging results? (Choose two)

A. Use the msec option to enable service time stamps.
B. Increase the logging history
C. Set the logging severity level to 1.
D. Specify a logging rate limit.
E. Disable event logging on all noncritical items.

Answer: A B

Explanation

“Increase the logging history” here is same as “increase the logging buffer”. The default buffer size is 4096 bytes. By increasing the logging buffer size we can see more history logging messages. But do not make the buffer size too large because the access point could run out of memory for other tasks. We can write the logging messages to a outside logging server instead.