11-28-2011 02:57 PM - edited 03-11-2019 02:56 PM
Can the ASA exclude source IP/destination IP addresses from its log?
I have some source/destination IP addresses that keep filling up the syslog, and I don't want to see those in the log.
I guess I could filter them out by message ID number, but that rule is not specific.
11-29-2011 07:54 AM
You may send your log to a UNIX syslog server and then grep it as you wish.
11-29-2011 08:26 AM
Hi
Yes it can. (The ASA)
There is a grep in the ASA already so no need to export it for that reason alone.
And there is grep for Windows also, and there is the Windows find command also.
(No need to be discouraged if you do not feel comfortable with Linux/Unix/BSD.)
Example:
Sh log | e (TCP|UDP) will give you everything BUT any row with UDP or TCP in it
It will, however, give you the rows with tcp and/or udp in them. (Case sensitive.)
show log | e (UDP|TCP|ICMP)
will not show rows with UDP, TCP or ICMP in them.
To say it, you would state:
show log pipe exclude left parenthesis UDP pipe TCP pipe ICMP right parenthesis
If we are talking about the syslog receiver, then it is all up to your syslog software what it can do with the incoming traffic.
My personal motto is log everything want nothing.
Good luck
HTH
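
Added example, not part of the thread above: one way to drop lines for specific IP addresses on a UNIX syslog server with grep, as the replies suggest. The function names and the sample log lines are constructed for illustration; the point is that a pattern such as 10.1.1.1 must have its dots escaped and its edges anchored, otherwise it also hides 10.1.1.10 and 110.1.1.1.

```shell
#!/bin/sh
# Assumption: ASA messages arrive as plain text, one message per line.

# build_exclude_regex IP... : escape the dots and require a non-address
# character (or a line edge) on both sides of each address.
build_exclude_regex() {
    alt=""
    for ip in "$@"; do
        esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
        alt="${alt:+$alt|}$esc"
    done
    printf '(^|[^0-9.])(%s)([^0-9.]|$)' "$alt"
}

# filter_asa_log IP... : read log lines on stdin, print those that do not
# mention any of the listed addresses as source or destination.
filter_asa_log() {
    grep -v -E "$(build_exclude_regex "$@")"
}

# naive_filter IP... : the unanchored version, kept only for comparison.
# "." matches any character and nothing stops a match inside a longer address.
naive_filter() {
    grep -v -E "$(IFS='|'; printf '%s' "$*")"
}

# Constructed sample messages (not taken from a real device).
sample_log() {
cat <<'EOF'
Nov 28 14:57:01 asa1 %ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.1.1.1/51000 (198.51.100.2/51000)
Nov 28 14:57:02 asa1 %ASA-6-302013: Built outbound TCP connection 1002 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.1.1.10/51001 (198.51.100.2/51001)
Nov 28 14:57:03 asa1 %ASA-4-106023: Deny udp src outside:192.168.50.20/53 dst inside:10.1.1.77/53 by access-group "outside_in"
Nov 28 14:57:04 asa1 %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.1.1.10/22 by access-group "outside_in"
Nov 28 14:57:05 asa1 %ASA-6-302015: Built inbound UDP connection 1003 for outside:110.1.1.1/123 (110.1.1.1/123) to inside:10.1.1.50/123 (10.1.1.50/123)
EOF
}

# Anchored filter keeps the three unrelated lines; the naive one would keep none.
sample_log | filter_asa_log 10.1.1.1 192.168.50.20
```

Filtering at display time like this leaves the stored log complete, so the excluded hosts can still be reviewed later if they become relevant to an investigation.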