ASA Logging Configuration

Hi Group,

I currently have an ASA configured in production within my network that is set a bit high (200K msg per/hr) with respect to logging. My issue with this is that it has pretty much rendered our syslog server useless...too many messages...sorting through the 500MB log file = double fail.

I was wondering if anyone from the group could share their insights on some of the following:

- What should a firewall generate a syslog message for?

- Best practices for ASA syslog configuration

- Templates anyone uses for ASA syslog configuration

- Thoughts and insights

Thanks in advance!

1 REPLY
Cisco Employee

Hi Jeff,

Question 1: Syslogs are useful to find out why a connection did not get built, why the device rebooted, whether there was any attack, etc. For troubleshooting an issue, syslogs are very important. So, disable the messages according to your own discretion.

Question 2: You can disable some very general syslog messages, like the built and teardown connection messages. The command is "no logging message ".

Question 3: Enabling or disabling syslogs is completely your call. You can disable the syslog messages you don't need.

Hope this is clear. Here is a document that might help:

http://www.cisco.com/web/about/security/intelligence/identify-incidents-via-syslog.html#9

Hope this helps!

Regards,

Anu

P.S. Please mark this question as answered if it has been resolved. Do rate helpful posts.
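One way to decide which messages to disable, as an added example that is not part of the original thread: tally an existing log by ASA message ID and propose `no logging message` lines only for high-volume informational IDs, so denies and authentication failures stay logged. The sample lines are constructed, and the 20% share threshold and severity cutoff of 6 are assumptions of this example.

```python
import re
from collections import Counter

# Matches the ASA syslog tag, e.g. "%ASA-6-302013:" -> severity 6, message ID 302013.
ASA_TAG = re.compile(r"%ASA-(\d)-(\d{6}):")

# Constructed sample lines (documentation addresses), not from a real device.
SAMPLE_LOG = """\
Jan 10 10:00:01 fw1 %ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.10/443 to inside:10.0.0.5/51000
Jan 10 10:00:02 fw1 %ASA-6-302013: Built outbound TCP connection 102 for outside:198.51.100.11/443 to inside:10.0.0.6/51001
Jan 10 10:00:02 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.77/4444 dst inside:10.0.0.5/22 by access-group "outside_in"
Jan 10 10:00:03 fw1 %ASA-6-302014: Teardown TCP connection 101 for outside:198.51.100.10/443 duration 0:00:02 bytes 5120 TCP FINs
Jan 10 10:00:04 fw1 %ASA-6-302013: Built outbound TCP connection 103 for outside:198.51.100.12/80 to inside:10.0.0.7/51002
Jan 10 10:00:05 fw1 %ASA-6-302014: Teardown TCP connection 102 for outside:198.51.100.11/443 duration 0:00:03 bytes 900 TCP FINs
Jan 10 10:00:05 fw1 %ASA-6-113005: AAA user authentication Rejected : reason = Invalid password : user = jdoe
Jan 10 10:00:06 fw1 %ASA-4-106023: Deny udp src outside:198.51.100.78/53 dst inside:10.0.0.9/161 by access-group "outside_in"
Jan 10 10:00:07 fw1 %ASA-6-302014: Teardown TCP connection 103 for outside:198.51.100.12/80 duration 0:00:03 bytes 300 TCP FINs
Jan 10 10:00:08 fw1 %ASA-5-111008: User 'admin' executed the 'logging enable' command.
"""

def tally(lines):
    """Count messages per (severity, message ID); lines without an ASA tag are skipped."""
    counts = Counter()
    for line in lines:
        m = ASA_TAG.search(line)
        if m:
            counts[(int(m.group(1)), m.group(2))] += 1
    return counts

def disable_candidates(counts, min_share=0.2, min_severity=6):
    """Return 'no logging message <id>' lines for noisy, low-priority IDs only.

    Severity 6-7 (informational/debug) is eligible; anything more severe,
    such as the severity-4 deny above, is never proposed regardless of volume.
    """
    total = sum(counts.values())
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0][1]))
    return [
        f"no logging message {msg_id}"
        for (sev, msg_id), n in ranked
        if sev >= min_severity and total and n / total >= min_share
    ]

if __name__ == "__main__":
    counts = tally(SAMPLE_LOG.splitlines())
    for (sev, msg_id), n in counts.most_common():
        print(f"{msg_id} (severity {sev}): {n}")
    print("\n".join(disable_candidates(counts)))
```

Review the proposed lines before applying them: the built and teardown records are also the per-connection trail used when investigating an incident.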
