Devinder Sharma
Beginner

FirePower - Clear Syslog at First Install

Hello All,

After initial lab staging, configuration and testing, and of course updating / upgrading, we will have tons of log messages that we would like to clear at the time of production cutover.

What is the best way to achieve this? The GUI does not have any way (I am using ASDM). I can session sfr and then expert to get into the Linux shell and cd into /var/log, but it has tons of directories.

I don't want to simply do a >var/logs.

Please advise.

Thanks

5 REPLIES
Devinder Sharma
Beginner

Looks like the relevant directory is /var/logs/messages. If that is the case, should I empty that directory via

>var/logs/messages

You can use the Data Purge feature in Firepower Manager to clear events, discovered hosts, etc. from the GUI. The location is: System > Tools > Data Purge. I am not sure if ASDM has the same option when managing the Firepower.

Thanks Rahul. ASDM does not have any such way to clear the syslog. Maybe a feature request is in order.

To clear the logs in ASDM, the proper process is as follows:

session sfr

expert

admin@hostname:$ sudo su -

Supply the admin password.

root@hostname:$ >messages

This will delete thousands of pages down to 2. But within seconds it fills 2 pages again, and this keeps happening. Not sure how we can specify the severity level of syslog so that unwanted clutter does not obscure our view of the messages of interest. Looked under Local / System policy and there are no settings for syslog. Syslog is only available as an alert action for Intrusion policies / advanced, but these are all locally generated system events.

Here is what I have repeatedly filling the log buffers:

Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:08 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:08 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
Jan 13 2017 16:05:04 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:04 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:04 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin

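To see what is actually refilling /var/log/messages before truncating it, here is an added example (not from the thread or from Cisco) that parses lines in the layout quoted above, counts sudo commands per user, and drops the www service-account chatter so the remaining messages can be read. The sample lines are constructed from the quoted ones plus one invented sshd line; the set of service accounts is an assumption taken from the post.

```python
import re
from collections import Counter

# Constructed sample modelled on the lines quoted above; the sshd line is
# invented so that a non-sudo message is present to survive the filter.
SAMPLE_LOG = """\
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:08 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:08 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
Jan 13 2017 16:05:04 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:03 FirePower sshd[2201]: Accepted password for admin from 192.0.2.10 port 50000 ssh2
"""
# "Mon DD YYYY HH:MM:SS host prog[pid]: message", the layout of the quoted lines.
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
                       r"(?P<prog>[^\s:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
SUDO_CMD_RE = re.compile(r"^(?P<user>\S+) : .*\bCOMMAND=(?P<cmd>.*)$")
PAM_RE = re.compile(r"^pam_unix\(sudo:session\): session (?:opened|closed) for user ")
SERVICE_USERS = {"www"}  # assumed: account the web UI runs its sudo calls as, per the post

def parse(line):
    """Split one syslog line into its fields; None if the line does not match."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None

def sudo_commands(text):
    """Count (user, command) pairs across all sudo command lines in text."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        m = SUDO_CMD_RE.match(rec["msg"]) if rec and rec["prog"] == "sudo" else None
        if m:
            counts[(m["user"], m["cmd"])] += 1
    return counts

def is_service_noise(rec):
    """pam_unix session brackets and sudo calls by a service account are noise."""
    if rec["prog"] != "sudo":
        return False
    if PAM_RE.match(rec["msg"]):
        return True
    m = SUDO_CMD_RE.match(rec["msg"])
    return bool(m and m["user"] in SERVICE_USERS)

def filter_noise(text):
    """Keep every line that is not service-account sudo chatter."""
    return [ln for ln in text.splitlines()
            if (rec := parse(ln)) is None or not is_service_noise(rec)]
```

Run sudo_commands over the real file first: if the top counts are all www running faillog and cli_shadow, the flood is the UI's own housekeeping rather than a security event, and the filtered view is what is worth reading.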
Tried the above command for ASA5508X. The messages command is not valid. Any help on how to clear the syslogs using the CLI?
