Thursday, December 3, 2009

Configuring Advanced Syslog on Cisco ASA Firewall

In this example I want to change the default severity level at which user login messages get logged.

Step 1: Find the syslog message ID for when a user logs in:

hostname(config)#show log | include admin
Dec 03 2009 17:32:35: %ASA-6-605005: Login permitted from 192.168.202.51/3507 to inside:192.168.2.20/ssh for user "admin"

Step 2: Find the current logging level for message ID 605005:

hostname(config)#show logging message 605005
syslog 605005: default-level informational (enabled)

Step 3: Change the logging level for message ID 605005 to warnings level:

hostname(config)#logging message 605005 level warnings

Step 4: Verify the new logging level for message ID 605005:

hostname(config)#show logging message 605005
syslog 605005: default-level informational, current-level warnings (enabled)

No comments:

Post a Comment