Showing results for 
Search instead for 
Did you mean: 

CSC log setting

Hi ,

I  have a CSC SSM module, with current version 6.3.1172.3. The issue is  csc is not sending all the logs to syslog server even though it is  configured to send all logs , and i am using syslog facility as   "Local3".

how  should i configure CSC SSM module , so that it should send all logs to  my syslog server, it should not keep anything in local.

Below is screenshot of the log configuration.


pls advice,

Thank you.

5 Replies 5

Panos Kampanakis
Cisco Employee
Cisco Employee

Your configuration seems right. You can set an ip for the syslog server and it will send all block syslogs.

Also it will keep syslogs locally until the fill up the space where it will purge older ones.

What are the syslogs that you are saying are missing?


Thanks pk,

Syslog server ip has been configured, and it is getting the logs of CSC , but not all. Syslog like spyware/Grayware and some more are not sent to syslog server. Because of this the memory is getting filled up. Will there be some thing to do with syslog facility option.

What i wanted is CSC must send all the logs to my syslog server, it should not keep any thing with itself.

pls advice ..



I think everything works as expected. You will not get grayware logs unless something is blocked as grayware. The CSC will not log all pages you went, it will log everything that it blocked something for any reason.

Forexample if you go to and try a "supposed to be" virus file, and the CSC blocks it, do you see a log for malicious software. Then it should be ok for grayware too if you have the Grayware checkbox checked under HTTP > Scanning.

Now if your CSC module memory is 100% that is something that needs to be investigated. I would suggest you to go to the latest pkg version of your CSC version.

I hope it makes sense.


PK :

The issue is not , whether CSC is generating proper logs as per the Thread,  the issue is if CSC is generating any log for any type of thread,it should send those logs to syslog server, in other way it should not keep any thing with in.

But i can see some type of logs with in CSC, when i go to query tab under logs,  because of that memory usage is getting high.


When you set the sysog server that doesn't mean the CSC will no longer keep syslogs locally. You cannot configure it to not keep syslogs locally. It will send logs to the server and also keep some locally.

You might be able to change the space they occupy using the root account by setting a variable, but you would need to work on it with TAC to avoid causing other issues.

I think it makes sense now, so if it does go ahead and mark this question as answered if it is.


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers