71-4
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 71 Configuring Logging
Information About Logging
Message Classes and Range of Syslog IDs
For a list of syslog message classes and the ranges of syslog message IDs that are associated with each
class, see the Cisco ASA 5500 Series System Log Messages.
Filtering Syslog Messages
You can filter generated syslog messages so that only certain syslog messages are sent to a particular
output destination. For example, you could configure the adaptive security appliance to send all syslog
messages to one output destination and to send a subset of those syslog messages to a different output
destination.
Specifically, you can configure the adaptive security appliance so that syslog messages are directed to
an output destination according to the following criteria:
• Syslog message ID number
• Syslog message severity level
• Syslog message class (equivalent to a functional area of the adaptive security appliance)
You customize these criteria by creating a message list that you can specify when you set the output
destination. Alternatively, you can configure the adaptive security appliance to send a particular message
class to each type of output destination independently of the message list.
You can use syslog message classes in two ways:
• Specify an output location for an entire category of syslog messages using the logging class
command.
• Create a message list that specifies the message class using the logging list command.
The syslog message class provides a method of categorizing syslog messages by type, equivalent to a
feature or function of the adaptive security appliance. For example, the vpnc class denotes the VPN
client.
All syslog messages in a particular class share the same initial three digits in their syslog message ID
numbers. For example, all syslog message IDs that begin with the digits 611 are associated with the vpnc
(VPN client) class. Syslog messages associated with the VPN client feature range from 611101 to
611323.
In addition, most of the ISAKMP syslog messages have a common set of prepended objects to help
identify the tunnel. These objects precede the descriptive text of a syslog message when available. If the
object is not known at the time the syslog message is generated, the specific heading = value
combination is not displayed.
The objects are prefixed as follows:
Group = groupname, Username = user, IP = IP_address, ...
Where the group identifies the tunnel-group, the username is the username from the local database or
AAA server, and the IP address is the public IP address of the remote access client or L2L peer.
Sorting in the Log Viewers
You can sort messages in all ASDM log viewers (that is, the Real-Time Log Viewer, the Log Buffer
Viewer, and the Latest ASDM Syslog Events Viewer). To sort tables by multiple columns, click the
header of the first column that you want to sort by, then press and hold down the Ctrl key and at the same
To Next Page
Loading...
Need help?
General
