01-14-2025 08:39 PM
If anyone knows about the syslog retention period on the Firepower itself, could you let me know?
I am using the Firepower 3100 series. The Firepower is acting as an ASA on the appliance. I use OS 9.20 (3).
Syslog information is basically set to be transferred to an external log server, but I would like to know if there is a syslog storage period on my device in case the external log server becomes unavailable for some reason. This assumes that the device and external environment are stable and that there are no overwrites in the syslog storage area.
Am I correct in thinking that under this condition, syslog will remain as long as the Firepower is up?
Also, if there is a syslog retention period setting on the Firepower, please let me know.
01-14-2025 10:53 PM
The log is sent to:
1- console/ssh/telnet
2- external server
3- internal buffer <<- here you can configure the size of the buffer, not the time.
https://www.cisco.com/c/en/us/support/docs/security/firepower-ngfw/200479-Configure-Logging-on-FTD-via-FMC.html
MHM
01-15-2025 05:12 PM
MHM, thank you for your comments.
01-15-2025 04:34 AM
For an ASA, running on any platform, the following applies:
By default, the buffer is 4096 bytes long and can hold about 100 messages. You can adjust the size of the buffer if needed. You can use the logging buffer-size bytes command to size the buffer from 4096 to 1048576 bytes (~25,600 messages).
01-15-2025 05:13 PM
Marvin, thank you for your comments.
01-15-2025 06:50 PM
All, thank you for your comments.
However, does anyone know how long syslogs stored in the device can be stored?
01-15-2025 08:09 PM
Syslog events stored to the local logging buffer will be retained until the device reboots. A reboot clears the buffer.
01-16-2025 01:28 AM
When the buffer is full, it is circular,
i.e. new logs overwrite old logs.
That is why we need a syslog server.
The buffer is only for short-term troubleshooting.
MHM
01-17-2025 12:56 AM
Dear everyone,
In the absence of an external syslog server, syslogs are stored until a device reboot occurs or the log buffer is full, if the system is stable.
(They do not expire after a set period.)
If we want to store the syslog internally, run the following command:
logging flash-bufferwrap or
logging savelog
I recognized that the response will be like that.
Thank you so much for all your support!
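The sizing point from the replies above, as an added example that is not part of the original thread and is not Cisco code: a toy model of a size-bounded, wrapping log buffer, showing that the on-box retention window follows from buffer size and message rate rather than from a timer. The class and function names and the fixed 41-byte message length (derived from the thread's "4096 bytes, about 100 messages") are assumptions.

```python
from collections import deque

ASA_MIN_BYTES, ASA_MAX_BYTES = 4096, 1048576  # range quoted in the thread


class LogBuffer:
    """Toy model of a size-bounded, wrapping log buffer (not ASA internals)."""

    def __init__(self, size_bytes):
        if not ASA_MIN_BYTES <= size_bytes <= ASA_MAX_BYTES:
            raise ValueError("buffer size outside 4096..1048576 bytes")
        self.size_bytes = size_bytes
        self.used = 0
        self.entries = deque()  # (timestamp_seconds, message)

    def log(self, ts, message):
        need = len(message.encode())
        # Wrap: evict the oldest entries until the new message fits.
        while self.entries and self.used + need > self.size_bytes:
            _, old = self.entries.popleft()
            self.used -= len(old.encode())
        if need <= self.size_bytes:
            self.entries.append((ts, message))
            self.used += need

    def reboot(self):
        # Per the thread's accepted answer: a reboot clears the buffer.
        self.entries.clear()
        self.used = 0

    def window_seconds(self):
        """Time span covered by the entries still in the buffer."""
        if not self.entries:
            return 0
        return self.entries[-1][0] - self.entries[0][0]


def retained_window(size_bytes, msgs_per_sec, duration_sec, msg_len=41):
    """Feed constructed fixed-length messages; return (count, window_seconds)."""
    buf = LogBuffer(size_bytes)
    body = "x" * msg_len  # constructed sample message (assumed length)
    for i in range(duration_sec * msgs_per_sec):
        buf.log(i / msgs_per_sec, body)
    return len(buf.entries), buf.window_seconds()
```

At 10 messages per second the default 4096-byte buffer in this model covers only about the last ten seconds, which is why the replies treat it as a short-term troubleshooting aid.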