Logging level that will show when rules are added/changed/deleted?

lcnorwood
Level 1

What level of logging on the ASA will enable the syslog to see when a firewall rule has been changed? I know debugging on the config level should be able to, but I don't want to put my firewall through that level of logging for everything.

Any help would be greatly appreciated!

1 Reply

Jouni Forss
VIP Alumni

Hi,

It would seem to me that you would be looking for Syslog messages with the following IDs:

  • 111008 (level 5 = Notifications)
  • 111009 (level 7 = Debugging)
  • 111010 (level 5 = Notifications)

Source:

http://www.cisco.com/en/US/docs/security/asa/syslog-guide/logmsgs.html#wp4769400

You can also change the level of a particular Syslog ID without changing the global level configured for a certain destination.

Let's say you wanted to change the above Debugging level message to the Notifications level; you would configure

logging message 111009 level notifications

I am not completely sure whether you would also need to add these to specify how many of such log messages could be generated and in what timeframe. There is an option for "unlimited" as well.

logging rate-limit

logging rate-limit message 111008

logging rate-limit message 111010

- Jouni
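The reply above tells you which message IDs to log; the next question a practitioner usually has is how to pick the rule changes out of the resulting syslog stream, because 111008/111009/111010 fire for every executed command, including read-only ones such as "show running-config". The following script is an added example, not code from the original thread or from Cisco: it parses constructed ASA syslog lines, keeps only the 111008/111009/111010 audit messages, extracts the user and the executed command, and flags commands that add or remove access-list, access-group, object, object-group or nat configuration. The exact text layout of each message ID is an assumption based on the ASA syslog guide and may differ slightly between ASA versions, so adjust the regular expressions to match your own output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Message IDs named in the reply above: command audit (111008), command
# executed at debug level (111009), and command executed with source user/IP (111010).
AUDIT_IDS = ("111008", "111009", "111010")

# Assumed layouts (verify against your ASA version):
#   %ASA-5-111008: User 'enable_15' executed the '<cmd>' command.
#   %ASA-7-111009: User 'enable_15' executed cmd: <cmd>
#   %ASA-5-111010: User 'admin', running 'CLI' from IP 192.0.2.10, executed '<cmd>'
MSG_RE = re.compile(r"%ASA-(?P<sev>\d)-(?P<id>111008|111009|111010):\s*(?P<body>.*)$")
USER_RE = re.compile(r"User '(?P<user>[^']+)'")
QUOTED_CMD_RE = re.compile(r"executed (?:the )?'(?P<cmd>[^']+)'")
CMD_COLON_RE = re.compile(r"executed cmd:\s*(?P<cmd>.+?)\s*$")

# Configuration keywords that change what the firewall permits or denies.
# Hypothetical selection for this example; extend it for your own policy objects.
RULE_KEYWORDS = ("access-list", "access-group", "object-group", "object ", "nat ")


@dataclass
class RuleChange:
    msg_id: str
    severity: int
    user: str
    action: str      # "add" (new or modified line) or "delete"
    command: str


def extract_command(body: str) -> Optional[str]:
    """Pull the executed command out of the message body for either text layout."""
    m = QUOTED_CMD_RE.search(body)
    if m:
        return m.group("cmd").strip()
    m = CMD_COLON_RE.search(body)
    if m:
        return m.group("cmd").strip()
    return None


def classify(cmd: str) -> Optional[str]:
    """Return 'add' or 'delete' if the command changes rule configuration, else None.

    'show', 'ping', 'write memory' and similar read-only or unrelated commands
    return None, which is what keeps 111009 usable at a lowered level."""
    c = cmd.strip()
    deleting = c.startswith("no ")
    core = c[3:].lstrip() if deleting else c
    if core.startswith("clear configure access-list"):
        return "delete"
    if not core.startswith(RULE_KEYWORDS):
        return None
    return "delete" if deleting else "add"


def rule_changes(log_text: str) -> List[RuleChange]:
    """Scan raw syslog text and return one RuleChange per rule-affecting command."""
    found: List[RuleChange] = []
    for line in log_text.splitlines():
        m = MSG_RE.search(line)
        if not m or m.group("id") not in AUDIT_IDS:
            continue                      # not one of the command-audit messages
        body = m.group("body")
        user_m = USER_RE.search(body)
        cmd = extract_command(body)
        if cmd is None:
            continue                      # layout we do not understand; skip rather than guess
        action = classify(cmd)
        if action is None:
            continue                      # executed, but not a rule change
        found.append(RuleChange(
            msg_id=m.group("id"),
            severity=int(m.group("sev")),
            user=user_m.group("user") if user_m else "<unknown>",
            action=action,
            command=cmd,
        ))
    return found


# Constructed sample input: five syslog lines as an ASA might emit them after
# "logging message 111009 level notifications" is applied. Not captured from a real device.
SAMPLE_LOG = """\
<165>Jun 14 10:02:11 fw01 %ASA-5-111008: User 'enable_15' executed the 'access-list outside_in extended permit tcp any host 10.0.0.5 eq 443' command.
<165>Jun 14 10:02:30 fw01 %ASA-5-111009: User 'enable_15' executed cmd: show running-config access-list
<165>Jun 14 10:03:05 fw01 %ASA-5-111010: User 'admin', running 'CLI' from IP 192.0.2.10, executed 'no access-list outside_in extended permit ip any any'
<165>Jun 14 10:03:40 fw01 %ASA-5-111008: User 'enable_15' executed the 'hostname fw01' command.
<166>Jun 14 10:04:00 fw01 %ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.7/51234 (198.51.100.7/51234) to inside:10.0.0.5/443 (10.0.0.5/443)
"""

if __name__ == "__main__":
    for change in rule_changes(SAMPLE_LOG):
        print(f"{change.msg_id} user={change.user} action={change.action}: {change.command}")
```

Of the five constructed lines only two are reported: the access-list addition by enable_15 and the access-list removal by admin. The "show running-config" from 111009, the hostname change, and the connection-build message are all skipped, which is the filtering you need if you lower 111009 to Notifications as the reply suggests, since that ID then carries every command typed on the box.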
