42-17
Cisco Security Appliance Command Line Configuration Guide
OL-10088-01
Chapter 42 Monitoring the Security Appliance
Configuring and Managing Logs
Filtering System Log Messages with Custom Message Lists
Creating a custom message list is a flexible way to exercise fine control over which system log messages
are sent to which output destination. In a custom system log message list, you specify groups of system
log messages using any or all of the following criteria: severity level, message IDs, ranges of system log
message IDs, or by message class.
For example, message lists can be used to:
• Select system log messages with severity levels of 1 and 2 and send them to one or more e-mail
addresses.
• Select all system log messages associated with a message class (such as “ha”) and save them to the
internal buffer.
A message list can include multiple criteria for selecting messages. However, you must add each
message selection criteria with a new command entry. It is possible to create a message list containing
overlapping message selection criteria. If two criteria in a message list select the same message, the
message is logged only once.
To create a customized list that the security appliance can use to select messages to be saved in the log
buffer, perform the following steps:
Step 1 Create a message list containing criteria for selecting messages by entering the following command:
hostname(config)# logging list name {level level [class message_class] |
message start_id[-end_id]}
Where the name argument specifies the name of the list. Do not use the names of severity levels as the
name of a system log message list. Prohibited names include “emergencies,” “alert,” “critical,” “error,”
“warning,” “notification,” “informational,” and “debugging.” Similarly, do not use the first three
characters of these words at the beginning of a file name. For example, do not use a filename that starts
with the characters “err.”
The level level argument specifies the severity level. You can specify the severity level number (0
through 7) or name. For severity level names, see the “Severity Levels” section on page 42-23. For
example, if you set the level to 3, then the security appliance sends system log messages for level 3, 2,
1, and 0.
The class message_class argument specifies a particular message class. See Table 42-2 on page 42-16
for a list of class names.
rm Resource Manager 321
ids Intrusion Detection System 400, 401, 415
vpnc VPN Client 611
webvpn Web-based VPN 716
ca PKI Certification Authority 717
e-mail E-mail Proxy 719
vpnlb VPN Load Balancing 718
vpnfo VPN Failover 720
npssl NP SSL 725
Table 42-2 System Log Message Classes and Associated Message ID Numbers
Class (continued) Definition System Log Message ID Numbers
To Next Page
Loading...
