Thanks for your suggestion, but I use this configuration and get only syslog messages with a severity level of 3 and lower. So no messages of any hit, because these messages use the severity level of 6, but as I mentioned, I don't want to change the general severity level of 3, otherwise I will receive too many messages I don't care. I only want beside the error-messages and lower to get informed when a hit occur.

im not sure then if thats possible through the logging commands but you could change it then use discriminator to block all unwanted messages going to syslog as another option if you cant find the solution in the logging commands


https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/esm/command/esm-cr-book/esm-cr-a1.html#wp1888787448


logging discriminator discr-name [ [facility] [mnemonics] [msg-body] { drops string | includes string } ] [ severity { drops sev-num | includes sev-num } ] [ rate-limit msglimit ]

no logging discriminator discr-name
Syntax Description

discr-name


String of a maximum of eight alphanumeric, case-sensitive characters. Blank spaces between characters are not allowed.

facility


(Optional) Message subfilter for the facility pattern in an event message.

mnemonics


(Optional) Message subfilter for the mnemonic pattern in an event message.

msg-body


(Optional) Message subfilter for the msg-body pattern in an event message.

drops


Drops messages that match the pattern, including the specified regular expression.

includes


Delivers messages that match the pattern, including the specified regular expression string.

string


(Optional) Expression used for message filtering.

severity


(Optional) Message subfilter by severity level or group.

sev-num


(Optional) Integer that identifies the severity level or multiple levels. Multiple levels must be separated with a comma (,).

rate-limit


(Optional) Specifies a number of messages to be processed within a unit of time.

msglimit


(Optional) Integer in the range of 1 to 10000 that identifies the