07-07-2010 01:42 AM - edited 03-11-2019 11:08 AM
Hi Halijenn / experts
I have a query regarding syslog messages and wanted to send only the commands to syslog which are run by user in configuration mode .Hence please let me know what is exactly meant by the command "config " if i configure the below in ASA.I have gone through various Cisco docs however was not able to find the explanation . Will the "class config " command log all the information regarding the commands which are executed by the user in configuration mode . If yes , will it include the show commands as well ?
ASA(config)#logging list MYLIST level informational class config
Solved! Go to Solution.
07-07-2010 05:34 AM
This syslog:
%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command.
falls under syslog messages starting with 111, so yes, the above is also included in "config" class.
07-07-2010 04:02 AM
Syslog class 'config' consists of syslog message that starts with the following numbers 111, 112, 208, 308 as per the following URL:
http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768518
Hope that helps.
07-07-2010 05:09 AM
Hi halijenn
Will it contain 165 as well as mentioned below . If not then in what class it will be contained ?
165>%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command.
07-07-2010 05:34 AM
This syslog:
%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command.
falls under syslog messages starting with 111, so yes, the above is also included in "config" class.
07-07-2010 06:11 AM
thanks again halijenn !!! , however please let me know as to why it is not mentioned in the document . Is it a Bug ? Anyhow thanks for resolving my query
07-07-2010 06:13 AM
Thanks for the rating as always.
Which part is not mentioned in the documentation?
07-07-2010 06:50 AM
165>%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command. In this Message ID 165 is not associated with any of the class in Syslog Message Classes and Associated Message ID Numbers
07-07-2010 05:41 PM
I believe 165 is just the sequence number of the syslog messages itself, not the class of the actual syslog message. 165 will give you the timestamp of each syslog messages.
07-10-2010 05:23 AM
Hi halijenn
I am still not sure if 165 is not the message ID as for the same we get the output of the configuration done by us in command mode (as seen in below logs) .Also strange is the thing that description of 165 is not mentioned in the document ) .Please correct me if i am wrong . Also i am not able to understand the time stamp you are talking about .
http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768518
<165>%ASA-5-111008: User 'enable_15' executed the 'exit' command.
<165>%ASA-5-111005: console end configuration: OK
<165>%ASA-5-111007: Begin configuration: console reading from terminal
<165>%ASA-5-111008: User 'enable_15' executed the 'configure terminal' command.
I have one more query which is not related to above
If i have 2 messages to be sent as warnings (though the default level is something else) to the syslog server whether i can specify my customized severity level as mentioned below
logging list MYLIST message 111008-111009
logging trap MYLIST
111008 is having LEVEL 5
111009 is having LEVEL 7
If i configure the below in addition to above , will i get both the messages in syslog as level warnings ?
logging message 111008 level warnings
logging message 111009 level warnings
07-10-2010 10:21 PM
I am not aware of <165> is anything significant in regards to the syslog message itself. Can you pls advise on which syslog you are actually seeing this? whether it is through console logging, buffered logging, monitor or on the syslog server itself?
I just quickly do a lab recreate on buffered logging, and didn't see the <165> as the syslog message itself started from the % sign:
%ASA-5-111008: User 'enable_15' executed the 'logging buffered debugging' command.
%ASA-5-111005: console end configuration: OK
In regards to changing the syslog message level so the level that you wanted, you are absolutely right.
From your example:
Syslog# 111008 (level 5) will be changed to level warnings with "logging message 111008 level warnings" command.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide