Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1291
Views
0
Helpful
2
Replies

Exclude source/destination ip on ASA log?

kope
Level 1
Level 1

‎11-28-2011 02:57 PM - edited ‎03-11-2019 02:56 PM

Can the ASA allows to exclude source ip/destination ip on its log?

I have some source/destination ip addresses kept filling up the sys log that I don't want to see those on the log.

I guess I could filtered out by message ID number; but the rule is not specific.

Labels:
0 Helpful
2 Replies 2

andrey.dugin
Level 1
Level 1

‎11-29-2011 07:54 AM

You may send your log to UNIX syslog-server and then grep it as you wish.

0 Helpful

hobbe
Level 7
Level 7

‎11-29-2011 08:26 AM

Hi

Yes it can. (The ASA)

There is a grep in the ASA already so no need to export it for that reason alone.

And there is grep for windows also and there  is the windows find command also.

(no need to be discouraged if you do not feel comfortable with linux/unix/bsd)

example

Sh log | e (TCP|UDP) will give you everything BUT any row with UDP or TCP in it

it will however give you the rows with tcp and/or udp in them.(case sensitive)

show log | e (UDP|TCP|ICMP)

will not show rows with UDP TCP or ICMP in them

to say it you would state

show log pipe exclude left paranthetis UDP pipe TCP pipe ICMP right paranthesis

IF we are talking about the syslog reciever, then it is all up to your syslog software what that can do with the incoming traffic.

My personal motto is log everything want nothing.

Good luck

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card