12-08-2017 07:36 AM - edited 02-21-2020 06:55 AM
Hello,
I am looking for help on syslog logging on to the terminal.
Our ASA logs messages onto the terminal, which is good. But I don't want to see all the messages; for example, when a packet is denied access by an ACL, it creates a log and I see it on the terminal. I want to know how I can disable this. Is it because of an incorrect logging level or logging message? Or is it because of the ACL itself? Your help is much appreciated, as these messages eat up a chunk of CPU cycles and memory space.
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst OUTSIDE:x.x.x.x (type 3, code 3) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst DMZ:x.x.x.x (type 3, code 3) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst DMZ:x.x.x.x (type 3, code 3) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst OUTSIDE:x.x.x.x (type 3, code 3) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst DMZ:x.x.x.x (type 3, code 1) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst DMZ:x.x.x.x (type 3, code 1) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst DMZ:x.x.x.x (type 3, code 1) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst OUTSIDE:x.x.x.x (type 3, code 1) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
FW-001-2#
Regards,
Raghav
12-08-2017 08:13 AM
raghavendrasomiyani,
Change the relevant line of the "OUTSIDE_IN-NEW" ACL so the end looks like this:
access-list OUTSIDE_IN-NEW deny [criteria] log disable
This will disable logging for entries that match that deny statement.
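Before choosing which deny line gets `log disable`, it helps to see which ACL and traffic pattern produce most of the 106023 messages. The Python sketch below is an added example, not part of the original thread; the sample lines are constructed in the format quoted in the question, and the function name `tally_denies` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the format quoted in the question
# (addresses masked as x.x.x.x, as in the post).
SAMPLE = """\
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst OUTSIDE:x.x.x.x (type 3, code 3) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst DMZ:x.x.x.x (type 3, code 3) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst DMZ:x.x.x.x (type 3, code 1) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:25 FW-001-2 : %ASA-4-106023: Deny icmp src OUTSIDE:x.x.x.x dst DMZ:x.x.x.x (type 3, code 1) by access-group "OUTSIDE_IN-NEW" [0xc208177b, 0x0]
Dec 07 2017 23:05:26 FW-001-2 : %ASA-5-111008: User 'enable_15' executed the 'show logging' command.
"""

# Matches the 106023 deny message; the "(type N, code N)" part is present
# only for ICMP, and \S+ after the interface name also covers "address/port".
DENY_106023 = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):\S+ dst (?P<dst_if>[^:\s]+):\S+'
    r'(?: \(type (?P<type>\d+), code (?P<code>\d+)\))?'
    r' by access-group "(?P<acl>[^"]+)" '
    r'\[(?P<hash>0x[0-9a-fA-F]+), 0x[0-9a-fA-F]+\]'
)

def tally_denies(text):
    """Count 106023 denies per (ACL, first hash, protocol, src if, dst if, ICMP type/code)."""
    counts = Counter()
    for line in text.splitlines():
        m = DENY_106023.search(line)
        if not m:
            continue  # other message IDs are not ACL denies
        icmp = (int(m["type"]), int(m["code"])) if m["type"] else None
        key = (m["acl"], m["hash"], m["proto"], m["src_if"], m["dst_if"], icmp)
        counts[key] += 1
    return counts

if __name__ == "__main__":
    # Noisiest pattern first: these are the candidates for a targeted deny entry.
    for key, n in tally_denies(SAMPLE).most_common():
        print(n, *key)
```

Run it against a saved copy of the syslog output before the change; once an entry carries `log disable`, matches on that entry no longer appear in the log to be counted.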
12-12-2017 08:13 AM
Hi Rich,
Thanks for the help, I will apply it and let you know as I have to go through the change cycle to implement this.
Regards,
Raghav.