Logging configuration on WLC

In this post we will learn how to configure WLC for logging option. Logs are always good to have while troubleshooting any issue.

Console logging: By default, the devices send all log messages to its console port. Hence only the users that are physically connected to the router console port can view these messages.

Terminal logging: It is similar to console logging, but it displays log messages to the devices VTY (Telnet or SSH) lines instead. This is not enabled by default

Buffered logging: This type of logging uses device RAM for storing log messages. Buffer has a fixed size to ensure that the log will not deplete valuable system memory.

Syslog Server logging: The device can use syslog to forward log messages to external syslog servers for storage. This type of logging is not enabled by default.

SNMP trap logging: The device is able to use SNMP traps to send log messages to an external SNMP server.

What we can configure:

Syslog:

  • Syslog host
  • Syslog facility
  • Syslog level

Message Log:

  • Buffered Log Level
  • Console Log Level
  • File Info
  • Trace Info

Syslog configuration:

Screenshot from WLC: Management > Logs > Config.

Logg1

Via GUI we have only two options for syslog configuration but via CLI we have four options:

Via GUI:

To configure syslog in cisco WLC we have to go Management > Logs > Config option.

  1. Put the IP of the syslog host where we want to send it and click on Add.
  2. Then select the syslog level from drop down box.
  3. Select the Syslog facility from drop down box.

Logg2

*** If we set a syslog level, only those messages whose severity is equal to or less than that level are sent to the syslog server.

*** After code 5.x, it’s possible to send the logging to multiple syslog servers.

Via CLI:

(WLAN1) >config logging syslog ?
 facility       Set facility for outgoing syslog mesages to remote host.
 host           Configure remote hosts for sending syslog mesages.
 level          Set severity level for filtering syslog mesages to remote host.
 tls            Configure sending syslog messages over tls.
(WLAN1) >config logging syslog host 192.168.10.1
 System logs will be sent to 192.168.10.1 from now on
(WLAN1) >config logging syslog host ?
 <A.B.C.D>      dotted IP address of the remote host.
(WLAN1) >config logging syslog facility ?
 auth-private   Authorization system (private).
 authorization  Authorization system.
 cron           Cron/at facility.
 daemon         System daemons.
 ftp            FTP daemon.
 kern           Kernel.
 local0         Local use.
 local1         Local use.
 local2         Local use.
 local3         Local use.
 local4         Local use.
 local5         Local use.
 local6         Local use.
 local7         Local use.
 lpr            Line printer system.
 mail           Mail system.
 news           USENET news.
 sys12          System use.
 sys13          System use.
 sys14          System use.
 sys15          System use.
 syslog         Syslog itself.
 user           User process.
 uucp           Unix-to-Unix copy system.
(WLAN1) >config logging syslog facility local?
 local0         local1         local2         local3         local4
 local5         local6         local7
(WLAN1) >config logging syslog facility local4
(WLAN1) >config logging syslog level ?
 <0-7>          Set syslog message logging message severity level.
 alerts         Set syslog message logging severity to 'alerts' (severity 1).
 critical       Set syslog message logging severity to 'critical' (severity 2).
 debugging      Set syslog message logging severity to 'debugging' (severity 7).
 emergencies    Set syslog message logging severity to 'emergencies' (severity 0).
 errors         Set syslog message logging severity to 'errors' (severity 3).
 informational  Set syslog message logging severity to 'informational' (severity 6).
 notifications  Set syslog message logging severity to 'notifications' (severity 5).
 warnings       Set syslog message logging severity to 'warnings' (severity 4).
(WLAN1) >config logging syslog level warnings
(WLAN1) >config logging syslog tls ?
 enable         Enable logging message to syslog over tls.
 disable        Disable logging message to syslog over tls.

***Note: When we are configuring syslogs for APs, it is always recommended to do it after the APs have joined up to the WLCs to ensure that they get the configurations.

Syslog configuration for APs via WLC CLI interface.

(WLAN1) >config ap syslog host ?
 global         Configures the global system logging host for all Cisco AP
 specific       Configures the system logging host for a specific Cisco AP.
(WLAN1) >config ap syslog host specific ?
 <ap-name>      Specify the name of the specific Cisco AP.
(WLAN1) >config ap syslog host specific AP001 ?
 <a.b.c.d>      IP address of the system logging host for the specified Cisco AP
(WLAN1) >config ap syslog host specific AP001 192.168.10.1
 (WLAN1) >config ap logging ?
 syslog         Set Ap logging syslog level.
(WLAN1) >config ap logging syslog ?
 level          Syslog level.
 facility       Facility level.
(WLAN1) >config ap logging syslog level ?
 alerts         Logging severity level 1.
 critical       Logging severity level 2.
 debugging      Logging severity level 7.
 emergencies    Logging severity level 0.
 errors         Logging severity level 3.
 informational  Logging severity level 6.
 notifications  Logging severity level 5.
 warnings       Logging severity level 4.
(WLAN1) >config ap logging syslog level warnings ?
 <Cisco AP>     Enter the name of the Cisco AP.
 all            Applies the settings to all APs.
(WLAN1) >config ap logging syslog level warnings all
(WLAN1) >config ap logging syslog facility ?
 auth           Authorization system.
 cron           Cron/at facility.
 daemon         System daemons.
 kern           Kernel.
 local0         Local use.
 local1         Local use.
 local2         Local use.
 local3         Local use.
 local4         Local use.
 local5         Local use.
 local6         Local use.
 local7         Local use.
 lpr            Line printer system.
 mail           Mail system.
 news           USENET news.
 sys10          System use.
 sys11          System use.
 sys12          System use.
 sys13          System use.
 sys14          System use.
 sys9           System use.
 syslog         Syslog itself.
 user           User process.
 uucp           Unix-to-Unix copy system.
(WLAN1) >config ap logging syslog facility lo?
 local0         local1         local2         local3         local4
 local5         local6         local7
(WLAN1) >config ap logging syslog facility loc?
 local0         local1         local2         local3         local4
 local5         local6         local7
(WLAN1) >config ap logging syslog facility local4 ?
 <Cisco AP>     Enter the name of the Cisco AP.
 all            Applies the settings to all APs.
(WLAN1) >config ap logging syslog facility local4 all

Message Log Configuration:

Via GUI:

Buffered log level:

Logg3

Console Log level:

Logg4

Via CLI:

Buffered log level:

(WLAN1) >config logging  ?
 buffered       Set buffered logging parameters.
 console        Set console logging parameters.
 debug          Set debug message logging parameters.
 exception      Limit size of exception flush output.
 fileinfo       Set source file information logging parameters.
 syslog         Configure parameters for outgoing syslog mesages.
 traceinfo      Set traceback information logging parameters.
 (WLAN1) >config logging buffered ?
 <0-7>          Set buffer logging message severity level.
 alerts         Set buffer logging severity to 'alerts' (severity 1).
 critical       Set buffer logging severity to 'critical' (severity 2).
 debugging      Set buffer logging severity to 'debugging' (severity 7).
 emergencies    Set buffer logging severity to 'emergencies' (severity 0).
 errors         Set buffer logging severity to 'errors' (severity 3).
 informational  Set buffer logging severity to 'informational' (severity 6).
 notifications  Set buffer logging severity to 'notifications' (severity 5).
 warnings       Set buffer logging severity to 'warnings' (severity 4).
 (WLAN1) >config logging buffered warnings

Console Log level:

(WLAN1) >config logging console ?
 <0-7>          Set console logging message severity level.
 alerts         Set console logging severity to 'alerts' (severity 1).
 critical       Set console logging severity to 'critical' (severity 2).
 debugging      Set console logging severity to 'debugging' (severity 7).
 disable        Disable console logging.
 emergencies    Set console logging severity to 'emergencies' (severity 0).
 errors         Set console logging severity to 'errors' (severity 3).
 informational  Set console logging severity to 'informational' (severity 6).
 notifications  Set console logging severity to 'notifications' (severity 5).
 warnings       Set console logging severity to 'warnings' (severity 4).
 (WLAN1) >config logging console warnings

To verify the syslog configuration, use the show logging command from the WLC CLI:

(WLAN1) >show logging
 Logging to buffer :
 - Logging of system messages to buffer :
 - Logging filter level.......................... warnings
 - Number of system messages logged.............. 61
 - Number of system messages dropped............. 1139290
 - Logging of debug messages to buffer ........... Disabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
 Logging to console :
 - Logging of system messages to console :
 - Logging filter level.......................... warnings
 - Number of system messages logged.............. 0
 - Number of system messages dropped............. 1139351
 - Logging of debug messages to console .......... Enabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
 Logging to syslog :
 - Syslog facility................................ local4
 - Logging of system messages to syslog :
 - Logging filter level.......................... warnings
 - Number of system messages logged.............. 61
 - Number of system messages dropped............. 1139290
 - Logging of debug messages to syslog ........... Disabled
 - Number of debug messages logged............... 0
 - Number of debug messages dropped.............. 0
 - Number of remote syslog hosts.................. 1
 - syslog over tls................................ Disabled
 - Host 0....................................... 192.168.10.1

To view the message logs use this command from WLC CLI:

(WLAN1) >show msglog

Autonomous AP Logging:

Example:

  • AAPs send syslogs to server 192.168.10.1
  • Send notifications or higher.
  • Use facility local7

Use these commands to configure:

Conf t
 logging trap notifications
 logging facility local7
 logging 192.168.10.1

 

Verification for AAP:

AAP#show logging
 Syslog logging: enabled (1 messages dropped, 19 messages rate-limited,
 0 flushes, 0 overruns, xml disabled, filtering disabled)
 Console logging: level debugging, 235 messages logged, xml disabled, filtering disabled
 Monitor logging: level debugging, 0 messages logged, xml disabled, filtering disabled
 Buffer logging: level debugging, 252 messages logged, xml disabled, filtering disabled
 Logging Exception size (4096 bytes)
 Count and timestamp logging messages: disabled
 Trap logging: level notifications, 127 message lines logged
 Logging to 192.168.10.1(global) (udp port 514, audit disabled, link up), 127 message lines logged, xml disabled, filtering disabled
AAP# show run | in facil
 logging facility local7

3 thoughts on “Logging configuration on WLC

  1. Hello Thank you so much for this post!
    Can we collect logs from configuration changes in the WLC and which user made this changes?
    Thanks!

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s