https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777647#M1097924 <P>can I see last config&nbsp;</P> Fri, 17 Feb 2023 19:20:40 GMT MHM Cisco World 2023-02-17T19:20:40Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777089#M1097877 <P>Seems I'm having some issues configuring the syslog output correctly.</P><P>My config is as follows:<BR />PPOK-EC-FW-2# sho run logging<BR />logging enable<BR />logging timestamp<BR />no logging hide username<BR />logging list vpn level warnings<BR />logging list vpn message 722022<BR />logging list vpn message 722023<BR />logging buffer-size 8092<BR />logging console warnings<BR />logging monitor errors<BR />logging buffered vpn<BR />logging trap warnings<BR />logging asdm warnings<BR />logging from-address EC2.ASA@ppok.com<BR />logging recipient-address firewalladmin@ppok.com level alerts<BR />logging facility 21<BR />logging device-id ipaddress inside<BR />logging host inside x.x.x.x<BR />logging permit-hostdown<BR />logging class auth trap informational<BR />logging class vpdn trap informational<BR />logging class vpn trap informational<BR />logging class vpnc trap informational<BR />logging class webvpn trap informational<BR />logging class svc trap informational<BR /><BR /></P><P>i am only interested in receiving levels 0-4 and the specific 2 level 6 messages.&nbsp; however, i am seeing quite a few extra level 6 messages that i need to eliminate.&nbsp; when i remove the logging class commands, i stop receiving all the extra messages, as well as 722022.&nbsp; then i'm stuck only getting the 722023 message and levels 0-4.&nbsp; any thoughts?&nbsp; i'm not sure what is going on, it's odd that i have to have those extra messages.</P><P>&nbsp;</P><P>TIA</P><P>Jay</P> Thu, 16 Feb 2023 22:51:06 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777089#M1097877 James Lytle 2023-02-16T22:51:06Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777093#M1097879 <P>what extra messages do you have as an example?</P> <P>check the message list with priority:</P> <P><A href="https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/messages-listed-by-severity-level.html" target="_blank">https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/messages-listed-by-severity-level.html</A></P> <P><STRONG>logging facility 21 ( so amend the correct facility to get all the output)</STRONG></P> <P>Cisco FW shows it as 16-23 and the same are interpreted as 0-7 by syslog server</P> <P>16 = Local0 on syslog</P> <P>17 = Local1&nbsp;on rsyslog</P> <P>18 = Local2&nbsp;on syslog</P> <P>19 = Local3&nbsp;on syslog</P> <P>20 = Local4&nbsp;on syslog</P> <P>21 = Local5&nbsp;on syslog</P> <P>22 = Local6&nbsp;on syslog</P> <P>23 = Local7&nbsp;on syslog</P> Thu, 16 Feb 2023 23:10:23 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777093#M1097879 balaji.bandi 2023-02-16T23:10:23Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777128#M1097882 <P>I'm seeing multiple level 6 messages other than 722022 and 722023.&nbsp; Currently, I'm seeing 722055, 716002, 716038, 716058, 716059, 113012, 716002, 113008, 611101, 113009 and 113039.&nbsp; There may be more unless I missed it.&nbsp; These extra messages amount to quite a few extra messages per day, filling the syslogs with messages that are basically being ignored.</P> Fri, 17 Feb 2023 02:12:07 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777128#M1097882 James Lytle 2023-02-17T02:12:07Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777309#M1097886 <P><A href="https://www.packetswitch.co.uk/cisco-asa-syslog-simplified/" target="_blank">Cisco ASA Syslog Simplified (packetswitch.co.uk)</A></P> <P>there are some solution check each one&nbsp;<BR />1-</P> <LI-CODE lang="markup">no logging message 722055 716002</LI-CODE> <P>2-<BR />&nbsp;using message class&nbsp;<BR />3-<BR />using logging list&nbsp;</P> Fri, 17 Feb 2023 09:19:00 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777309#M1097886 MHM Cisco World 2023-02-17T09:19:00Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777393#M1097895 <P>Okay.&nbsp; I'll try option #1.&nbsp; I'm already using option #2 and #3.&nbsp; If I remove the message class statements, it corrects some of the issue, but then I stop getting the 722022 messages and only receive the 722023.&nbsp; However, all the other messages stop coming in as well, so that's a partial solution.&nbsp; I'm using the logging list command in an attempt to narrow down to only those 2 level 6 messages, and allow anything 0-4, which is where the issue all started.</P> Fri, 17 Feb 2023 12:11:05 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777393#M1097895 James Lytle 2023-02-17T12:11:05Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777646#M1097923 <P>well, option #1 did not affect the events being sent to syslog.&nbsp; back to square one.</P> Fri, 17 Feb 2023 19:14:41 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777646#M1097923 James Lytle 2023-02-17T19:14:41Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777647#M1097924 <P>can I see last config&nbsp;</P> Fri, 17 Feb 2023 19:20:40 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777647#M1097924 MHM Cisco World 2023-02-17T19:20:40Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777653#M1097925 <P><SPAN>ogging enable</SPAN><BR /><SPAN>logging timestamp</SPAN><BR /><SPAN>no logging hide username</SPAN><BR /><SPAN>logging list vpn level warnings</SPAN><BR /><SPAN>logging list vpn message 722022</SPAN><BR /><SPAN>logging list vpn message 722023</SPAN><BR /><SPAN>logging buffer-size 8092</SPAN><BR /><SPAN>logging console warnings</SPAN><BR /><SPAN>logging monitor errors</SPAN><BR /><SPAN>logging buffered vpn</SPAN><BR /><SPAN>logging trap warnings</SPAN><BR /><SPAN>logging asdm warnings</SPAN><BR /><SPAN>logging from-address EC2.ASA@ppok.com</SPAN><BR /><SPAN>logging recipient-address firewalladmin@ppok.com level alerts</SPAN><BR /><SPAN>logging facility 21</SPAN><BR /><SPAN>logging device-id ipaddress inside</SPAN><BR /><SPAN>logging host inside x.x.x.x</SPAN><BR /><SPAN>logging permit-hostdown</SPAN><BR /><SPAN>logging class auth trap informational</SPAN><BR /><SPAN>logging class vpdn trap informational</SPAN><BR /><SPAN>logging class vpn trap informational</SPAN><BR /><SPAN>logging class vpnc trap informational</SPAN><BR /><SPAN>logging class webvpn trap informational</SPAN><BR /><SPAN>logging class svc trap informational</SPAN></P><P>&nbsp;</P> Fri, 17 Feb 2023 19:35:25 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777653#M1097925 James Lytle 2023-02-17T19:35:25Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777840#M1097935 <P>Hello Freind&nbsp;<BR />I think I found solution&nbsp;</P> <P>you can only change the default level of message from Level 6 to Level 0-4&nbsp;<BR />this make get logging level from 0-4 and also get two message from level 6 (it level now will appear as level 0-4)<BR /><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="asa log.png" style="width: 992px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/176781iEEB65A31576A61AA/image-size/large?v=v2&amp;px=999" role="button" title="asa log.png" alt="asa log.png" /></span></P> Sat, 18 Feb 2023 10:23:58 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4777840#M1097935 MHM Cisco World 2023-02-18T10:23:58Z https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4778456#M1097985 <P>you can also try :</P> <P>logging message 722022 level 6<BR />logging message 722023 level 6</P> <P>&nbsp;</P> Mon, 20 Feb 2023 09:54:20 GMT https://community.cisco.com/t5/network-security/asa-syslog-issues/m-p/4778456#M1097985 balaji.bandi 2023-02-20T09:54:20Z