Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2303
Views
0
Helpful
5
Replies

To reduce/drop unnecessary logs in syslog server

Go to solution
Jigar Dave
Level 3
Level 3

‎05-26-2011 08:21 AM - edited ‎03-11-2019 01:38 PM

Hello Cognizants, Greetings

I have a question, How is it possible to reduce unnecessary logs in syslog servers, I want to see/concentrate only logs which are critical and above level 7?

I am discussing about taking consideration of ASA/PIX Firewall, IDS,IPS, Router and Switches in enterprise environment

hope everyone share their experience, expertise and advices for this topic

- JD

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
fsebera
Level 4
Level 4

‎05-27-2011 04:59 AM

Jigar,

I use ASA5500 IOS 8.0(4).

Once I know the log message number I want to omit, I use this CLI command in the config:

:

no logging message (message #)

:

Here is a public reference to ASA logging:

http://www.ciscopress.com/articles/article.asp?p=424447&seqNum=3

:

Hope this helps

Frank

View solution in original post

0 Helpful
5 Replies 5

Go to solution
varrao
Level 10
Level 10

‎05-26-2011 10:02 AM

Hi Jigar,

There are different types of logging levels that you can enable on the ASA, here they are as follows:

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/system/message/logsevp.html

Refer to this guide as well:

http://www.cisco.com/en/US/partner/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

This is going to be really beneficial for you.

Thanks,

Varun

Thanks,
Varun Rao
0 Helpful

Go to solution
fsebera
Level 4
Level 4
In response to varrao

‎05-26-2011 12:37 PM

I am logged in with my CCO account. Both links seem to be blocked by Cisco's FORBIDDEN message.

Do you have any links for blocking syslog messages that don't require "employee" status??

Tks

Frank

0 Helpful

Go to solution
Antonio Knox
Level 7
Level 7

‎05-26-2011 12:45 PM

You may want to consider logging lists, which gives more control over the logs:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#use

0 Helpful

Go to solution
fsebera
Level 4
Level 4

‎05-27-2011 04:59 AM

Jigar,

I use ASA5500 IOS 8.0(4).

Once I know the log message number I want to omit, I use this CLI command in the config:

:

no logging message (message #)

:

Here is a public reference to ASA logging:

http://www.ciscopress.com/articles/article.asp?p=424447&seqNum=3

:

Hope this helps

Frank

0 Helpful

Go to solution
Jigar Dave
Level 3
Level 3
In response to fsebera

‎05-28-2011 10:56 PM

Varun, Antonio, fsebera - Thanks a lot, I will let you

know if more help needed.

HAGD

- JD

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card