https://community.cisco.com/t5/network-security/asa-logging-configuration/m-p/1700574#M536513 <HTML><HEAD></HEAD><BODY><P>Hi Jeff,</P><P></P><P>question 1: Syslogs are useful to find out why a connection did not get built, why the device rebooted, was there any attack, etc. For troubleshooting an issue, syslogs are very important. So, disable the messages according to your own discretion.</P><P></P><P>question 2: You can disable some very general syslogs messages like built and teardown connection messages. The command is "no logging message <MSG number="">".</MSG></P><P></P><P>question 3:&nbsp; Enabling or disabling syslogs is completely your call. You can disable the syslog messages you don't need.</P><P></P><P>Hope this is clear. Here is a document that might help:</P><P><A href="http://www.cisco.com/web/about/security/intelligence/identify-incidents-via-syslog.html#9">http://www.cisco.com/web/about/security/intelligence/identify-incidents-via-syslog.html#9</A></P><P></P><P>Hope this helps!</P><P></P><P>Regards,</P><P>Anu</P><P></P><P>P.S. Please mark this question as answered if it has been resolved. Do rate helpful posts.</P></BODY></HTML> Wed, 06 Jul 2011 13:21:14 GMT Anu M Chacko 2011-07-06T13:21:14Z https://community.cisco.com/t5/network-security/asa-logging-configuration/m-p/1700573#M536512 <P>Hi Group,</P><P></P><P>I currently have an ASA configured in production within my network that is set a bit high (200K msg per/hr) in respect to logging.&nbsp; My issue with this is that it pretty much has rendered our syslog server useless...too many messages...sorting through the 500MB log file = double fail.</P><P></P><P>I was wondering if anyone from the group could share their insights on some of the following:</P><P></P><P>- What should a firewall generate a syslog message for?</P><P>- Best practices for ASA syslog configuration</P><P>- Templates anyone uses for ASA syslog configuration</P><P>- Thoughts and insights <SPAN __jive_emoticon_name="happy" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/emoticons/happy.gif"></SPAN></P><P></P><P>Thanks in advance!</P> Mon, 11 Mar 2019 20:55:18 GMT https://community.cisco.com/t5/network-security/asa-logging-configuration/m-p/1700573#M536512 jc84_ 2019-03-11T20:55:18Z https://community.cisco.com/t5/network-security/asa-logging-configuration/m-p/1700574#M536513 <HTML><HEAD></HEAD><BODY><P>Hi Jeff,</P><P></P><P>question 1: Syslogs are useful to find out why a connection did not get built, why the device rebooted, was there any attack, etc. For troubleshooting an issue, syslogs are very important. So, disable the messages according to your own discretion.</P><P></P><P>question 2: You can disable some very general syslogs messages like built and teardown connection messages. The command is "no logging message <MSG number="">".</MSG></P><P></P><P>question 3:&nbsp; Enabling or disabling syslogs is completely your call. You can disable the syslog messages you don't need.</P><P></P><P>Hope this is clear. Here is a document that might help:</P><P><A href="http://www.cisco.com/web/about/security/intelligence/identify-incidents-via-syslog.html#9">http://www.cisco.com/web/about/security/intelligence/identify-incidents-via-syslog.html#9</A></P><P></P><P>Hope this helps!</P><P></P><P>Regards,</P><P>Anu</P><P></P><P>P.S. Please mark this question as answered if it has been resolved. Do rate helpful posts.</P></BODY></HTML> Wed, 06 Jul 2011 13:21:14 GMT https://community.cisco.com/t5/network-security/asa-logging-configuration/m-p/1700574#M536513 Anu M Chacko 2011-07-06T13:21:14Z