Message Filtering Overview - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 42
Monitoring the Security Appliance
Message Filtering Overview
You can filter generated system log messages so that only certain system log messages are sent to a
particular output destination. For example, you could configure the security appliance to send all system
log messages to one output destination and also to send a subset of those system log messages to a
different output destination.
Specifically, you can configure the security appliance so that system log messages are directed to an
output destination according to the following criteria:
•
•
•
You customize the above criteria by creating a message list that you can specify when you set the output
destination in the
You can alternatively configure the security appliance to send a particular message class to each type of
output destination independently of the message list.
For example, you could configure the security appliance to send to the internal log buffer all system log
messages with severity levels of 1, 2 and 3, send all system log messages in the "ha" class to a particular
syslog server, or create a list of messages that you name "high-priority" that are sent to an e-mail address
to notify system administrators of a possible problem.
Filtering System Log Messages by Class
The system log message class provides a method of categorizing system log messages by type,
equivalent to a feature or function of the security appliance. For example, the "vpnc" class denotes the
VPN client.
This section includes the following topics:
•
•
Message Class Overview
With logging classes, you can specify an output location for an entire category of system log messages
with a single command.
You can use system log message classes in two ways:
•
•
All system log messages in a particular class share the same initial 3 digits in their system log message
ID numbers. For example, all system log message IDs that begin with the digits 611 are associated with
the vpnc (VPN client) class. System log messages associated with the VPN client feature range from
611101 to 611323.
OL-10088-01
System log message ID number
System log message severity level
System log message class (equivalent to a functional area of the security appliance)
"Configuring Log Output Destinations" section on page
Message Class Overview, page 42-15
Sending All Messages in a Class to a Specified Output Destination, page 42-16
Issue the logging class command to specify an output location for an entire category of system log
messages.
Create a message list using the logging list command that specifies the message class. See the
"Filtering System Log Messages with Custom Message Lists" section on page 42-17
method.
Cisco Security Appliance Command Line Configuration Guide
Configuring and Managing Logs
42-7.
for this
42-15
Advertisement
Table of Contents
Troubleshooting
