topic Re: Creating custom event lists to be sent to syslog server (ASA in Network Security

Creating custom event lists to be sent to syslog server (ASA 5520)

whiteford — Mon, 11 Mar 2019 12:04:34 GMT

Hi, I'm hoping this is possible. I need to set the syslog ID of 106023 to error level (currently warning) only for about a dozen IP addresses only (as it generates millions of logs) can I do this, I can't see a way?

Re: Creating custom event lists to be sent to syslog server (ASA

abinjola — Tue, 19 Feb 2008 14:38:49 GMT

Nopes

Re: Creating custom event lists to be sent to syslog server (ASA

jamesgonzo — Tue, 19 Feb 2008 15:44:59 GMT

It's all or nothing then?

I want to basically send alerts to my syslog server when my DMZ web servers (on my ASA) have denied access to Internet users attempting to hack. 106023 ID shows this.

Re: Creating custom event lists to be sent to syslog server (ASA

abinjola — Tue, 19 Feb 2008 16:04:45 GMT

you can't lower the log level to a specific message ID for few IPs..though you may filter it on KIWI log server

Re: Creating custom event lists to be sent to syslog server (ASA

jamesgonzo — Tue, 19 Feb 2008 16:06:18 GMT

I want to basically send alerts to my syslog server when my DMZ web servers (on my ASA) have denied access to Internet users attempting to hack. 106023 ID shows this.

106023 creates to many alerts on it's own for my database I think it will fill up fast. What a shame.

Re: Creating custom event lists to be sent to syslog server (ASA

abinjola — Tue, 19 Feb 2008 16:12:32 GMT

do you want to report all the traffic for 106023 to KIWI..well thats possible, however as whitefor asked, you can't point logs for this message ID for few IPS...either its all traffic or none at all

Re: Creating custom event lists to be sent to syslog server (ASA

jamesgonzo — Tue, 19 Feb 2008 16:33:42 GMT

Unless it's possible to create an access rule which includes my external web server IP range and if any thing is denied/triggered then log it to critical?