Hello, everyone. Let's get started with our next topic. Sis log.
So Sis Log is basically a standard message logging protocol that enables network devices to send event messages to a logging server using UDP default Port 514 in trouble shooting. It is helpful in identifying a root cause of an issue
that may arise on your network or system.
Systolic messages can be categorized according to severity levels from zero, the highest to seven, the lowest. You'll discuss this a little bit more later in the course.
When your network devices reach a certain severity level, it will send systolic messages to the server.
This allows external storage space to store logs instead of utilising network device. Disk space, which is pretty much limited and important logs may be overridden.
Hence, this is smoke server should include a database,
the sufficient to handle the large volume of CIS log messages generated by network devices. And there should be a policy as well on data archiving and retention. In order not to overwhelm the server with too much data, you may even decide to prioritize only the useful information. However you choose to identify them
and delete unnecessary logs.
Keep in mind, though, to ensure proper processing are in place.
Sis Log has eight severity levels, so from level zero through seven, it starts from
informational and debugging
to share in demonic that I made up myself, which I hope you may find helpful is every alert can easily worry networking individuals drastically.
Let's start with the lowest severity level and work our way up.
Debugging is where very detailed information is displayed, and it's used to help troubleshoot certain events that occur.
The informational level is where normal operation messages are displayed. Informing everything seems to be working out as it should.
This usually requires no action.
The notifications level informs when there are some unusual events presence
but not causing any issues at the moment.
The warnings level is where you should start paying closer attention as this informs that the unusual events are now near the border line, where it can cause an error if no action is taken.
This is where you can start preventing an incident before something goes wrong.
The errors level indicates an error has occurred and affected a part of the system
from this level and above. It is where you start remedying a situation
at the critical level. It is starting to get a little bit more serious, for example, of failure on the system component.
The system is still operational and hopefully there's still time to fix the issue.
The alerts level is in the verge of a complete system failure and requires immediate action.
The system may still be operational, but at this point it is starting to greatly effect and degree the network and its services
and that the emergencies level it basically indicates that the system is unusable at this point.
Also, please bear in mind toe only enable debugging if and only when it is necessary. Because the data is so extensive it tends to consume. A lot of resource is.
So If you're not troubleshooting, please disable it.
All right. A pop quiz
since Log was configured to trap blog's with severity level, for
which two off the following levels will not be generated or displayed on the logging server.
and the answer is informational and debugging,
and we're done with the module.
So for today we discussed houses, log works in the network and the eight severity levels zero through seven.