Filtering System Log Messages With Custom Message Lists - Cisco PIX 500 Series Configuration Manual

Configuring and Managing Logs

Filtering System Log Messages with Custom Message Lists

Creating a custom message list is a flexible way to exercise fine control over which system log messages are sent to which output destination. In a custom system log message list, you specify groups of system log messages using any or all of the following criteria: severity level, message IDs, ranges of system log message IDs, or message class.

For example, message lists can be used to do the following:

- Select system log messages with severity levels of 1 and 2 and send them to one or more e-mail addresses.
- Select all system log messages associated with a message class (such as "ha") and save them to the internal buffer.

A message list can include multiple criteria for selecting messages. However, you must add each message selection criterion with a new command entry. It is possible to create a message list containing overlapping message selection criteria. If two criteria in a message list select the same message, the message is logged only once.

To create a customized list that the adaptive security appliance can use to select messages to be saved in the log buffer, perform the following steps:

Step 1
Create a message list containing criteria for selecting messages by entering the following command:

hostname(config)# logging list name {level level [class message_class] | message start_id[-end_id]}

Where the name argument specifies the name of the list. Do not use the names of severity levels as the name of a system log message list. Prohibited names include "emergencies," "alert," "critical," "error," "warning," "notification," "informational," and "debugging." Similarly, do not use the first three characters of these words at the beginning of a file name. For example, do not use a filename that starts with the characters "err."

The level level argument specifies the severity level. You can specify the severity level number (0 through 7) or name. For severity level names, see the "Severity Levels" section on page 42-24. For example, if you set the level to 3, then the adaptive security appliance sends system log messages for level 3, 2, 1, and 0.

The class message_class argument specifies a particular message class. See Table 42-2 on page 42-17 for a list of class names.

The message start_id[-end_id] argument specifies an individual system log message ID number or a range of numbers.

The following example creates a message list named notif-list that specifies that messages with a severity level of 3 or higher should be saved in the log buffer:

hostname(config)# logging list notif-list level 3

Step 2
(Optional) If you want to add more criteria for message selection to the list, enter the same command as in the previous step, specifying the name of the existing message list and the additional criterion. Enter a new command for each criterion you want to add to the list.

The following example adds criteria to the message list: a range of message ID numbers and the message class ha (high availability or failover):

hostname(config)# logging list notif-list message 104024-105999
hostname(config)# logging list notif-list level critical
hostname(config)# logging list notif-list level warning class ha

Cisco Security Appliance Command Line Configuration Guide, Chapter 42, Monitoring the Security Appliance, page 42-18, OL-12172-03
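When reviewing a configuration, it helps to check which messages a list would actually select before relying on it for a log destination. The following Python sketch is an added example, not part of the Cisco guide or the appliance software: it parses logging list entries in the syntax shown in Step 1 and applies the rules described above (a level selects that severity and all lower numbers, a class restricts a level criterion, overlapping criteria select a message once). The sample messages and their class labels are constructed, and matching severity names on their first three letters is an assumption made here.

```python
import re

# Severity keywords matched on their first three letters, 0 (emergencies) to 7 (debugging).
SEVERITIES = ["eme", "ale", "cri", "err", "war", "not", "inf", "deb"]
LIST_CMD = re.compile(
    r"logging list (?P<name>\S+) (?:level (?P<level>\S+)(?: class (?P<cls>\S+))?"
    r"|message (?P<start>\d+)(?:-(?P<end>\d+))?)[ \t]*$", re.M)
# Constructed input: the notif-list commands from this section.
SAMPLE_CONFIG = """\
hostname(config)# logging list notif-list level 3
hostname(config)# logging list notif-list message 104024-105999
hostname(config)# logging list notif-list level critical
hostname(config)# logging list notif-list level warning class ha
"""
# Constructed messages as (severity, message ID, class); pairings are illustrative.
SAMPLE_MESSAGES = [(4, 105005, "ha"), (4, 101001, "ha"), (4, 400000, "ids"),
                   (3, 300000, "auth"), (6, 600000, "session")]

def parse_level(token):
    """Accept a severity number (0-7) or a severity name; raise ValueError otherwise."""
    level = int(token) if token.isdigit() else SEVERITIES.index(token[:3].lower())
    if not 0 <= level <= 7:
        raise ValueError(f"severity out of range: {token}")
    return level

def parse_lists(config_text):
    """Return {list name: [criterion, ...]}, one criterion per command entry."""
    lists = {}
    for m in LIST_CMD.finditer(config_text):
        if m["level"]:
            crit = ("level", parse_level(m["level"]), m["cls"])
        else:
            crit = ("message", int(m["start"]), int(m["end"] or m["start"]))
        lists.setdefault(m["name"], []).append(crit)
    return lists

def selects(criteria, severity, msg_id, msg_class):
    """True if any criterion selects the message; overlapping criteria count once."""
    for kind, a, b in criteria:
        if kind == "level" and severity <= a and b in (None, msg_class):
            return True
        if kind == "message" and a <= msg_id <= b:
            return True
    return False

def selected_ids(config_text, list_name, messages):
    """IDs of the messages the named list would select, each at most once."""
    criteria = parse_lists(config_text)[list_name]
    return [mid for sev, mid, cls in messages if selects(criteria, sev, mid, cls)]
```

Running selected_ids(SAMPLE_CONFIG, "notif-list", SAMPLE_MESSAGES) shows that the severity 4 message outside the ID range and outside class ha is not selected, which is the kind of gap worth checking before attaching a list to a destination.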
