Re: Logging level problem

morganstanleylau · ‎10-19-2004

Hi ,

Anyone can tell me what level logging should be suitable , because i install it a new pix 515e , i set it logging level 4 and after 15mins later i found that the logging size about 1MB , is it too high for level 4 ? pls advise , thx

Stanley

scoclayton · ‎10-19-2004

I don't know that there is a definitive answer to this as it really depends on what you need/want to see. However, in most cases, level 4 - warnings is what most people log to during "normal" activity.

The 6.3 code has a feature that allows you to move specific syslog messages to a different level. Take a look at your logs and see if there are 1 or 2 messages that are taking up a mojority of the space. If you don't need/want them but you do want other messages at that level, either disable them or move them to a higher level that you do not log. Take a look here for more info on this:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm#wp1119533

I know this isn't a great answer but as I said, I don't know that a great answer really exists for this question.

Scott

ibrunello · ‎10-19-2004

You can suppress some messages (e.g. when connection is closed is not so important, instead, when somebody is scanning your network could be).

I found that suppressing the following msg do the work on my non-core firewalls (on core I log everything).

Look at PIX 6.3 docs for explanation of such messages.

no logging message 305012

no logging message 305011

no logging message 303002

no logging message 302015

no logging message 302014

no logging message 302013

no logging message 304001

no logging message 302016