Configuring And Managing Logs - Cisco FirePOWER ASA 5500 series Configuration Manual
Security appliance command line
Hide thumbs
Also See for FirePOWER ASA 5500 series:
- Datasheet (20 pages) ,
- Configuration manual (1140 pages)
Table of Contents
Advertisement
Chapter 42
Monitoring the Security Appliance
Configuring and Managing Logs
This section describes the logging functionality and configuration. It also describes the system log
message format, options and variables.
•
•
•
•
•
•
•
Logging Overview
The security appliance system logs provide you with information for monitoring and troubleshooting the
security appliance. Using the logging feature, you can do the following:
•
•
•
•
•
You can choose to send all system log messages, or subsets of system log messages, to any or all output
locations. You can filter which system log messages are sent to which locations by the severity of the
system log message, the class of the system log message, or by creating a custom log message list.
Logging in Multiple Context Mode
Each security context includes its own logging configuration and generates its own messages. If you log
in to the system or admin context, and then change to another context, messages you view in your session
are only those that are related to the current context.
System messages that are generated in the system execution space, including failover messages, are
viewed in the admin context along with messages generated in the admin context. You cannot configure
logging or view any logging information in the system execution space.
You can configure the security appliance to include the context name with each message, which helps
you differentiate context messages that are sent to a single syslog server. This feature also helps you to
determine which messages are from the admin context and which are from the system; messages that
originate in the system execution space use a device ID of system, and messages that originate in the
admin context use the name of the admin context as the device ID. For more information about enabling
logging device IDs, see the
OL-10088-01
Logging Overview, page 42-5
Logging in Multiple Context Mode, page 42-5
Enabling and Disabling Logging, page 42-6
Configuring Log Output Destinations, page 42-7
Filtering System Log Messages, page 42-14
Customizing the Log Configuration, page 42-18
Understanding System Log Messages, page 42-23
Specify which system log messages should be logged.
Disable or change the severity level of a system log message.
Specify one or more locations where system log messages should be sent, including an internal
buffer, one or more syslog servers, ASDM, an SNMP management station, specified e-mail
addresses, or to Telnet and SSH sessions.
Configure and manage system log messages in groups, such as by severity level or class of message.
Specify what happens to the contents of the internal buffer when the buffer becomes full: overwrite
the buffer, send the buffer contents to an FTP server, or save the contents to internal Flash memory.
"Including the Device ID in System Log Messages" section on page
Cisco Security Appliance Command Line Configuration Guide
Configuring and Managing Logs
42-19.
42-5
Advertisement
Table of Contents
Troubleshooting
