I currently have an ASA configured in production within my network that is set a bit high (200K msg/hr) with respect to logging. My issue with this is that it has pretty much rendered our syslog server useless... too many messages... sorting through the 500MB log file = double fail.
I was wondering if anyone from the group could share their insights on some of the following:
- What should a firewall generate a syslog message for?
- Best practices for ASA syslog configuration
- Templates anyone uses for ASA syslog configuration
Question 1: Syslogs are useful to find out why a connection did not get built, why the device rebooted, whether there was any attack, etc. For troubleshooting an issue, syslogs are very important. So, disable the messages according to your own discretion.
Question 2: You can disable some very general syslog messages like built and teardown connection messages. The command is "no logging message ".
Question 3: Enabling or disabling syslogs is completely your call. You can disable the syslog messages you don't need.
Hope this is clear. Here is a document that might help:
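One way to decide which message IDs to disable, as an added example that is not part of the original thread: count the `%ASA-<severity>-<id>` tags in the log, then list `no logging message` lines only for high-volume informational or debug IDs, so that lower-numbered (more severe) messages such as ACL denies are never proposed. The sample lines are constructed, and the 20% volume threshold and severity floor of 6 are assumptions to tune.

```python
import re
from collections import Counter

# ASA message tag, e.g. "%ASA-6-302013:" -> severity 6, message ID 302013.
ASA_TAG = re.compile(r"%ASA-(\d)-(\d{6}):")

# Constructed sample lines (hostname, addresses and counts are made up).
BUILT = ("Jul 10 10:00:01 fw1 %ASA-6-302013: Built outbound TCP connection 1001 "
         "for outside:203.0.113.10/443 (203.0.113.10/443) "
         "to inside:10.0.0.5/51000 (10.0.0.5/51000)")
TEARDOWN = ("Jul 10 10:00:03 fw1 %ASA-6-302014: Teardown TCP connection 1001 "
            "for outside:203.0.113.10/443 to inside:10.0.0.5/51000 "
            "duration 0:00:02 bytes 4312 TCP FINs")
DENY = ('Jul 10 10:00:04 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.7/40000 '
        'dst inside:10.0.0.5/22 by access-group "outside_in" [0x0, 0x0]')
LOGIN = ('Jul 10 10:00:05 fw1 %ASA-6-605005: Login permitted from 10.0.0.9/50022 '
         'to inside:10.0.0.1/ssh for user "admin"')
SAMPLE = [BUILT] * 4 + [TEARDOWN] * 4 + [DENY, LOGIN]


def count_ids(lines):
    """Count messages per (severity, message ID); lines without a tag are skipped."""
    counts = Counter()
    for line in lines:
        match = ASA_TAG.search(line)
        if match:
            counts[(int(match.group(1)), match.group(2))] += 1
    return counts


def suppression_candidates(counts, min_share=0.2, min_severity=6):
    """IDs at severity 6 (informational) or 7 (debug) that make up at least
    min_share of all parsed messages. Both thresholds are assumptions."""
    total = sum(counts.values())
    return sorted(msg_id for (sev, msg_id), n in counts.items()
                  if total and sev >= min_severity and n / total >= min_share)


def render_config(ids):
    """Render one ASA 'no logging message <id>' line per candidate ID."""
    return [f"no logging message {msg_id}" for msg_id in ids]


if __name__ == "__main__":
    tally = count_ids(SAMPLE)  # for a real file: count_ids(open(path, errors="replace"))
    for (sev, msg_id), n in tally.most_common():
        print(f"{msg_id} severity={sev} count={n}")
    print("\n".join(render_config(suppression_candidates(tally))))
```

Review the candidate list before applying it: volume alone says nothing about whether an ID is needed for audit or incident response.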