cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1125
Views
5
Helpful
3
Replies

ASA 8.0(4). How to stop these syslog messages?

joerggrau
Level 1
Level 1

On one of my ASA 5520 pairs (8.0(4)) on one interface I am getting a ton fo the following kind of messages:

access-list ETH_H_MPLS_access_in permitted tcp ETH_H_MPLS/2.2.2.32(2018) -> ETH_Vuhe_vm/1.1.1.103(443) hit-cnt 1 first hit [0x99b23d84, 0x95ea2028]


I only get this for one interface and not for any of the others.  Is there a way to stop these from showing up in ASDM (6.1.5) and in syslog?

Thanks
Joerg

3 Replies 3

mirober2
Cisco Employee
Cisco Employee

Hi Joerg,

Check the output of 'show run access-list'. If you see any lines with the 'log' keyword included, these messages will be logged when the ACE is matched. If you don't want to log the hits, you can remove the 'log' keyword from each access-list line.

Hope that helps.

-Mike

Mike,

I do want to kepp logging errors etc, just not the hit counts.  Is that possible?

Thanks

Joerg

Hi Joerg,

Yes, if you remove the 'log' keyword from the access-list entries all other logging will continue to work just fine. Only the hit count logs will be turned off. For example, your config could look like this:

logging enable

logging trap error

logging host 10.1.1.1

This will send all error logs to 10.1.1.1, but the access-list hits will no longer be logged.

Hope that helps.

-Mike

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: