Cisco ASA Series Cli Configuration Manual page 1972
Software version 9.0 for the services module
Hide thumbs
Also See for ASA Series:
- Configuration manual (429 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
Configuring Logging
Firewall Mode Guidelines
Supported in routed and transparent firewall modes.
IPv6 Guidelines
Does not support IPv6.
Additional Guidelines
•
•
•
Configuring Logging
This section describes how to configure logging and includes the following topics:
•
•
Note
The minimum configuration depends on what you want to do and what your requirements are for
handling syslog messages in the ASA and ASASM.
Cisco ASA Series CLI Configuration Guide
1-6
Sending syslogs over TCP is not supported on a standby ASA.
The ASA supports the configuration of 16 syslog servers with the logging host command in single
context mode. In multiple context mode, the limitation is 4 servers per context.
When you use a custom message list to match only access list hits, the access list logs are not
generated for access lists that have had their logging severity level increased to debugging (level 7).
The default logging severity level is set to 6 for the logging list command. This default behavior is
by design. When you explicitly change the logging severity level of the access list configuration to
debugging, you must also change the logging configuration itself.
The following is sample output from the show running-config logging command that will not
include access list hits, because their logging severity level has been changed to debugging:
hostname# show running-config logging
logging enable
logging timestamp
logging list test message 106100
logging buffered test
The following is sample output from the show running-config logging command that will include
access list hits:
hostname# show running-config logging
logging enable
logging timestamp
logging buffered debugging
In this case, the access list configuration does not change and the number of access list hits appears,
as shown in the following example:
hostname(config)# access-list global line 1 extended permit icmp any host 4.2.2.2 log
debugging interval 1 (hitcnt=7) 0xf36b5386
hostname(config)# access-list global line 2 extended permit tcp host 10.1.1.2 any eq
www log informational interval 1 (hitcnt=18) 0xe7e7c3b8
hostname(config)# access-list global line 3 extended permit ip any any (hitcnt=543)
0x25f9e609
Enabling Logging, page 1-7
Configuring an Output Destination, page 1-7
Chapter 1
Configuring Logging
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
