Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1665
Views
0
Helpful
1
Replies

ASA Logging Configuration

jc84_
Level 1
Level 1

‎07-06-2011 06:03 AM - edited ‎03-11-2019 01:55 PM

Hi Group,

I currently have an ASA configured in production within my network that is set a bit high (200K msg per/hr) in respect to logging.  My issue with this is that it pretty much has rendered our syslog server useless...too many messages...sorting through the 500MB log file = double fail.

I was wondering if anyone from the group could share their insights on some of the following:

- What should a firewall generate a syslog message for?

- Best practices for ASA syslog configuration

- Templates anyone uses for ASA syslog configuration

- Thoughts and insights

Thanks in advance!

Labels:
0 Helpful
1 Reply 1

Anu M Chacko
Cisco Employee
Cisco Employee

‎07-06-2011 06:21 AM

Hi Jeff,

question 1: Syslogs are useful to find out why a connection did not get built, why the device rebooted, was there any attack, etc. For troubleshooting an issue, syslogs are very important. So, disable the messages according to your own discretion.

question 2: You can disable some very general syslogs messages like built and teardown connection messages. The command is "no logging message ".

question 3:  Enabling or disabling syslogs is completely your call. You can disable the syslog messages you don't need.

Hope this is clear. Here is a document that might help:

http://www.cisco.com/web/about/security/intelligence/identify-incidents-via-syslog.html#9

Hope this helps!

Regards,

Anu

P.S. Please mark this question as answered if it has been resolved. Do rate helpful posts.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card