71-16
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 71      Configuring Logging
  Configuring Logging
Step 3 In the Name field, enter the name of the event list. No spaces are allowed.
Step 4 In the Event Class/Severity area, click Add to display the Add Class and Severity Filter dialog box
Step 5 Choose the event class from the drop-down list. Available event classes change according to the device 
mode that you are using.
Step 6 Choose the severity level from the drop-down list. Severity levels include the following:
• Emergency (level 0, system is unusable)
• Alert (level 1, immediate action is needed) 
• Critical (level 2, critical conditions) 
• Error (level 3, error conditions) 
• Warning (level 4, warning conditions) 
• Notification (level 5, normal but significant conditions) 
• Informational (level 6, informational messages only) 
• Debugging (level 7, debugging messages only)
Step 7 Click OK to close this dialog box.
Note Using a severity level of zero is not recommended.
Step 8 In the Message ID Filters area, click Add to display the Add Syslog Message ID Filter dialog box.
Step 9 In the Message IDs field, enter a syslog message ID or range of IDs (for example, 101001-199012) to 
include in the filter. 
Step 10 Click OK to close this dialog box.
The event of interest appears in the list. To change this entry, click Edit.
Generating Syslog Messages in EMBLEM Format to a Syslog Server
To generate syslog messages in EMBLEM format to a syslog server, perform the following steps:
Step 1 Choose Configuration > Device Management > Logging > Syslog Server.
Step 2 To add a new syslog server, click Add to display the Add Syslog Server dialog box. To change an existing 
syslog server settings, click Edit to display the Edit Syslog Server dialog box.
Step 3 Specify the number of messages that are allowed to be queued on the adaptive security appliance when 
a syslog server is busy. A zero value means an unlimited number of messages may be queued.
Step 4 Check the Allow user traffic to pass when TCP syslog server is down check box to specify whether 
or not to restrict all traffic if any syslog server is down.
Step 5 To continue, see the “Adding or Editing Syslog Server Settings” section on page 71-17.
Note You can set up a maximum of four syslog servers per security context (up to a total of 16).