10-19-2004 01:31 AM - edited 03-09-2019 09:08 AM
Hi ,
Anyone can tell me what level logging should be suitable , because i install it a new pix 515e , i set it logging level 4 and after 15mins later i found that the logging size about 1MB , is it too high for level 4 ? pls advise , thx
Stanley
10-19-2004 06:29 AM
I don't know that there is a definitive answer to this as it really depends on what you need/want to see. However, in most cases, level 4 - warnings is what most people log to during "normal" activity.
The 6.3 code has a feature that allows you to move specific syslog messages to a different level. Take a look at your logs and see if there are 1 or 2 messages that are taking up a mojority of the space. If you don't need/want them but you do want other messages at that level, either disable them or move them to a higher level that you do not log. Take a look here for more info on this:
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/config/sysmgmt.htm#wp1119533
I know this isn't a great answer but as I said, I don't know that a great answer really exists for this question.
Scott
10-19-2004 09:40 AM
You can suppress some messages (e.g. when connection is closed is not so important, instead, when somebody is scanning your network could be).
I found that suppressing the following msg do the work on my non-core firewalls (on core I log everything).
Look at PIX 6.3 docs for explanation of such messages.
no logging message 305012
no logging message 305011
no logging message 303002
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 304001
no logging message 302016
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide