01-12-2017 03:20 PM - edited 03-12-2019 06:15 AM
Hello All,
After initial lab staging, configuration and testing, and of course updating / upgrading, we will have tons of log messages that we would like to clear at the time of production cutover.
What is the best way to achieve this? The GUI does not have any way (I am using ASDM). I can session sfr and then expert to get into the Linux shell and cd into /var/log, but then it has tons of directories.
I don't want to simply do a >var/logs.
Please advise.
Thanks
01-12-2017 04:51 PM
Looks like the relevant directory is /var/logs/messages. If that is the case, should I empty that directory via
>var/logs/messages
01-12-2017 05:11 PM
You can use the Data Purge feature in Firepower Manager to clear events, discovered hosts, etc. from the GUI. The location is: System > Tools > Data Purge. I am not sure if ASDM has the same option when managing the Firepower.
01-12-2017 05:35 PM
Thanks Rahul. ASDM does not have any such way to clear the syslog. Maybe a feature request is in order.
01-13-2017 01:19 PM
To clear the logs in ASDM, the proper process is as follows:
session sfr
expert
admin@hostname:$ sudo su -
Supply the admin password.
root@hostname:$ >messages
This will delete thousands of pages down to 2. So within seconds it fills 2 pages, and this keeps happening. Not sure how we can specify the severity level of syslog so that unwanted clutter does not obscure our view of the messages of interest. I looked under Local / System policy and there are no settings for syslog. Syslog is only available as an alert action for Intrusion policies / advanced, but these are all locally generated system events.
Here is what I have repeatedly filling the log buffers:
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:08 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:08 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
Jan 13 2017 16:05:04 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:04 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:04 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:03 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:03 FirePower sudo: www : TTY=unknown ; PWD=/var/sf/SRU ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
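The two problems raised in the post above, clearing the module's /var/log/messages and keeping the repetitive `www` sudo churn from hiding the entries that matter, can both be handled from the same expert shell. The following is an added example, not code from the thread or from Cisco: it truncates the file in place (the same effect as the post's `>messages`, but with the path spelled out) rather than deleting it, so the running syslog daemon keeps writing to the same inode, and it filters the log by pattern, since the lines shown carry no severity tag to filter on. The sample log is constructed for the demo: the `www`/faillog/cli_shadow and pam_unix lines follow the post, while the `admin` sudo line and the sshd line are invented, with a documentation-range IP.

```shell
#!/bin/sh
# Added example for triaging the Firepower module's /var/log/messages.
# Not from the thread or from Cisco; paths and sample lines are assumptions.

# Truncate a log in place. Deleting the file would leave syslogd writing to an
# unlinked inode until restart; ': >' keeps the inode and just empties it.
truncate_log() {
    : > "$1"
}

# Print only the lines worth a human's attention: drop the periodic
# "www -> sudo faillog / cli_shadow -u admin" calls seen in the post and the
# pam_unix session open/close lines that bracket every sudo invocation.
# Anything else (sudo by other users or to other programs, sshd, etc.) stays.
filter_noise() {
    grep -Ev \
        -e 'sudo: www : .*COMMAND=/usr/(bin/faillog|local/sf/bin/cli_shadow) -u admin' \
        -e 'sudo: pam_unix\(sudo:session\): session (opened|closed) for user root' \
        "$1" || true   # grep exits 1 when nothing is left; that is not an error here
}

# Write a constructed sample log to the given path (six noise lines from the
# post's pattern, plus two invented lines an operator would want to see).
make_sample() {
    cat > "$1" <<'EOF'
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:08 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/bin/faillog -u admin
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Jan 13 2017 16:05:08 FirePower sudo: www : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sf/bin/cli_shadow -u admin
Jan 13 2017 16:05:08 FirePower sudo: pam_unix(sudo:session): session closed for user root
Jan 13 2017 16:07:41 FirePower sudo: admin : TTY=pts/0 ; PWD=/home/admin ; USER=root ; COMMAND=/bin/su -
Jan 13 2017 16:09:02 FirePower sshd[2231]: Accepted password for admin from 192.0.2.10 port 51022 ssh2
EOF
}

# Stand-alone demo: build the sample, show what survives the filter, then
# truncate it the way the post does for the real /var/log/messages.
demo() {
    f=$(mktemp)
    make_sample "$f"
    echo "before: $(wc -l < "$f" | tr -d ' ') lines"
    echo "--- lines of interest ---"
    filter_noise "$f"
    truncate_log "$f"
    echo "after truncate: $(wc -l < "$f" | tr -d ' ') lines"
    rm -f "$f"
}

demo
```

On the real appliance, `filter_noise /var/log/messages` from the expert shell (after `sudo su -`) gives the view the post is after without touching the file; `truncate_log /var/log/messages` is the production-cutover step and is deliberately a separate, explicit call. Filtering on the command path rather than on every sudo line means a sudo call by any other account, or by `www` to any other program, still shows up.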
09-14-2018 03:38 AM
Tried the above command for the ASA5508X. The messages command is not valid. Any help on how to clear the syslogs using the CLI?