03-01-2016 03:09 PM - edited 03-12-2019 12:25 AM
Hi,
I want to send new connection (TCP, UDP, or ICMP) events that are on the ASA to my central syslog. FOr instance, if a an IP address creates a TCP connection to a web server, I would like that event to be sent to the syslog.
One way I accomplish this is by enabling debug and sending ALL the events to the syslog but with this method, its going to undue stress on the ASA and fill up the syslog server with unnecessary events.
Is there more efficient way to do this?
Solved! Go to Solution.
03-01-2016 03:32 PM
I don't think it will hurt the ASA that much, especially if you are using normal UDP logging. I think you only need "informational" as well, rather than "debug".
The other way is to create a logging list, and specify the events to log - but you'll probably find 99% of the messages logged with be flow messages anyway so you probably wont save much.
03-01-2016 05:35 PM
Hi Sudip,
You can try using a customized logging list for
Please check the following document:
How to enable Logging List on ASA:
https://supportforums.cisco.com/document/73511/how-enable-syslogs-asa
Regards,
Aditya
Please rate helpful posts.
03-01-2016 03:32 PM
I don't think it will hurt the ASA that much, especially if you are using normal UDP logging. I think you only need "informational" as well, rather than "debug".
The other way is to create a logging list, and specify the events to log - but you'll probably find 99% of the messages logged with be flow messages anyway so you probably wont save much.
03-01-2016 05:35 PM
Hi Sudip,
You can try using a customized logging list for
Please check the following document:
How to enable Logging List on ASA:
https://supportforums.cisco.com/document/73511/how-enable-syslogs-asa
Regards,
Aditya
Please rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide