We have NetBIOS set up on the workstations in our network, but do not have a WINS server. As a result, the ASA is dropping all the NetBIOS broadcast traffic, which is what it is suppose to do, but the excessive amount of log events that it creates is getting sent to our syslog server which complicates reporting. Technically, I could just disable 710005 message logging, but as far as I can tell I would have to cancel it across the board, rather than just being able to disable it for services 137 or 138 (NetBIOS).
There is some additional 'no logging' commands that I don't quite understand and am not sure if it would solve my issue:
ASA(config)# no logging message 710005 ?
configure mode commands/options:
level Specify a syslog level
<cr>
ASA(config)# no logging message 710005 level ?
configure mode commands/options:
<0-7> Enter syslog level (0 - 7)
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
So here are my questions:
1. Would the above commands allow me to just disable 710005 logging for a particular service (probably not)?
2. What is the downside of disabling 710005 logging? Do I put myself at a troubleshooting disadvantage if I do so? Is there a legitimate possibility that I could miss a bigger event taking place if I disabled this logging message?
These are the messages that are flooding my syslog server which triggered this post:
ASA-7-710005
No UDP server to service the request
request discarded to service 137
From the server-side perspective, we may be able to just disable NetBIOS, but if we decide not to do that I would need to know the best networking solution...
