
Requesting for Syslog config help on ASA

Tarjeet Singh
Level 1

I am trying to configure Syslog on ASA 5510 and 5505. I just want the ASA to send syslog messages for Warning. While I have only defined the trap for Warning, it is still sending messages for levels 3, 2, and 1.

In the Cisco notes it says:

You can specify the severity level number (1 through 7) or name. For example, if you set the severity level to 3, then the ASA sends syslog messages for severity levels 3, 2, and 1.

How can I limit my messages to just level 3 instead of getting levels 2 and 1 at the same time?

logging enable
logging timestamp
logging buffer-size 128000
logging trap warnings  ----- only trying to send Warning but I am also getting Critical logs in my server
logging asdm informational
logging host inside 10.80.13.42

I also tried to do it class-based, but it is not sending any messages to syslog:

logging enable
logging timestamp
logging list VPN level warnings
logging list VPN level warnings class auth
logging list VPN level warnings class vpn
logging list VPN level warnings class ssl
logging buffer-size 128000
logging buffered VPN
logging host inside 10.80.13.42

Please advise. Thanks in advance.

Accepted Solutions

Marvin Rhoads
Hall of Fame

The settings are, as noted in the documentation, inclusive of higher priority messages. The only way (on an ASA) I know of excluding the Level 1, 2 and 3 messages when you are logging Level 4 would be to specifically exclude the individual syslog messages by number.

Why would you not want the higher priority messages?
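The two ASA-side options raised so far in this thread, written out as configuration (an added example, not posted by either participant). `<vpn-login-id>` and `<unwanted-id>` are placeholders for syslog message IDs that the thread does not give, and the two options are alternatives rather than one configuration.

```cisco
! Added example. <vpn-login-id> and <unwanted-id> are placeholders,
! not real syslog IDs; look the real ones up for your ASA version.

! Option A: send a named message list to the syslog server.
! "logging buffered VPN" applies the list to the local buffer only.
! "logging trap <list>" is what selects the messages sent to the
! servers defined with "logging host".
logging enable
logging timestamp
! Class-scoped entries: still inclusive of levels 1-3, but only for
! these classes. The unscoped "logging list VPN level warnings" line
! is left out because it would match every class.
logging list VPN level warnings class auth
logging list VPN level warnings class vpn
logging list VPN level warnings class ssl
! A message entry matches one ID exactly, whatever its severity.
logging list VPN message <vpn-login-id>
logging trap VPN
logging host inside 10.80.13.42

! Option B: keep the inclusive threshold and suppress individual
! higher-severity messages by number, one line per unwanted ID.
logging trap warnings
no logging message <unwanted-id>

! Checks: current destinations and filters, then the messages whose
! state was changed from the default.
show logging
show logging message
```

With Option A, a list built only from `message` entries is the narrowest filter, since class and level entries still admit every higher-severity message in the named classes.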


My client only wants to receive messages for warning on his external syslog server so he can track VPN user logins. If we keep getting Critical logs, it will fill the whole server quickly and you won't be able to see login users.

Can you please suggest how I can exclude syslog levels 1 and 2 and only receive 3?

Thank you.

Probably the easiest way to do what you're asking would be to elevate the severity level (say to "1" = "alert" - see levels here) of the specific messages you are looking for and then make that your global logging level.

If you're getting too many "other" severity 1 messages, you have a much bigger problem than tracking VPN users.

The VPN users login syslog message ID (I don't know the message ID off the top of my head) would be elevated like this example