cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

255
Views
0
Helpful
2
Replies
Highlighted

Sending ASA logs to Multiple Syslog Servers with different Severity levels

Hi,

I have ASA 5555-X running IOS Version 9.12(3)12. I have 2 Syslog servers. I want to send debug messages to one of the servers but only specific messages to the second server as it has limited capacity. Does anyone have an idea on how should i filter logs sent to the second server?

 

Regards,

Stanslaus.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Mentor

Re: Sending ASA logs to Multiple Syslog Servers with different Severity levels

I do not believe or know that ASA can have this capabilites. 

 

i would suggest below method :

 

1. send Logs to both the syslog server.

2. Filter on syslog server - what Logs required to capture rest ignore.

 

If i understand the requirement correctly, if you want to input logs to other side which you do not like to send all the logs .

 

then other method, you can filter the Logs in your syslog server, let your  syslog server send to other server only rquired logs.

 

make sense ?

 

BB
*** Rate All Helpful Responses ***

View solution in original post

2 REPLIES 2
Highlighted
VIP Mentor

Re: Sending ASA logs to Multiple Syslog Servers with different Severity levels

I do not believe or know that ASA can have this capabilites. 

 

i would suggest below method :

 

1. send Logs to both the syslog server.

2. Filter on syslog server - what Logs required to capture rest ignore.

 

If i understand the requirement correctly, if you want to input logs to other side which you do not like to send all the logs .

 

then other method, you can filter the Logs in your syslog server, let your  syslog server send to other server only rquired logs.

 

make sense ?

 

BB
*** Rate All Helpful Responses ***

View solution in original post

Highlighted

Re: Sending ASA logs to Multiple Syslog Servers with different Severity levels

Hi Balaji,

I understand your solution. The problem is that the Syslog server that receives all logs is managed by another operating company and does not talk to the one that is supposed to receive few logs. That is why i thought is could have been easier to filter logs to send to the servers on the ASA.

 

Regards,

Stanslaus.