Filtering System Log Messages With Custom Message Lists - Cisco FirePOWER ASA 5500 series Configuration Manual

Security appliance command line

Chapter 42 Monitoring the Security Appliance
Configuring and Managing Logs
Cisco Security Appliance Command Line Configuration Guide, OL-10088-01, page 42-17

Table 42-2 System Log Message Classes and Associated Message ID Numbers (continued)

Class     Definition                    System Log Message ID Numbers
rm        Resource Manager              321
ids       Intrusion Detection System    400, 401, 415
vpnc      VPN Client                    611
webvpn    Web-based VPN                 716
ca        PKI Certification Authority   717
e-mail    E-mail Proxy                  719
vpnlb     VPN Load Balancing            718
vpnfo     VPN Failover                  720
npssl     NP SSL                        725

Filtering System Log Messages with Custom Message Lists

Creating a custom message list is a flexible way to exercise fine control over which system log messages are sent to which output destination. In a custom system log message list, you specify groups of system log messages using any or all of the following criteria: severity level, message IDs, ranges of system log message IDs, or message class.

For example, message lists can be used to:

- Select system log messages with severity levels of 1 and 2 and send them to one or more e-mail addresses.
- Select all system log messages associated with a message class (such as "ha") and save them to the internal buffer.

A message list can include multiple criteria for selecting messages. However, you must add each message selection criterion with a new command entry. It is possible to create a message list containing overlapping message selection criteria. If two criteria in a message list select the same message, the message is logged only once.

To create a customized list that the security appliance can use to select messages to be saved in the log buffer, perform the following steps:

Step 1  Create a message list containing criteria for selecting messages by entering the following command:

hostname(config)# logging list name {level level [class message_class] | message start_id[-end_id]}

Where the name argument specifies the name of the list. Do not use the names of severity levels as the name of a system log message list. Prohibited names include "emergencies," "alert," "critical," "error," "warning," "notification," "informational," and "debugging." Similarly, do not use the first three characters of these words at the beginning of a file name. For example, do not use a filename that starts with the characters "err."

The level level argument specifies the severity level. You can specify the severity level number (0 through 7) or name. For severity level names, see the "Severity Levels" section on page 42-23. For example, if you set the level to 3, then the security appliance sends system log messages for level 3, 2, 1, and 0.

The class message_class argument specifies a particular message class. See Table 42-2 on page 42-16 for a list of class names.
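An added example, not from the Cisco guide: a Python model of how a message list built from the logging list command in Step 1 selects messages, so a planned list can be checked for coverage and for prohibited names before it is entered on the appliance. It assumes a message's class is identified by the first three digits of its message ID, covers only the Table 42-2 rows shown on this page, and reads the naming rule as applying to list names; the sample configuration, its list names, and the function names are constructed for illustration.

```python
import re
# Severity names in the order this page lists them; list index = level 0-7.
SEVERITIES = ["emergencies", "alert", "critical", "error",
              "warning", "notification", "informational", "debugging"]
LEVELS = {w.rstrip("s"): n for n, w in enumerate(SEVERITIES)}
# Table 42-2 rows on this page: class -> leading three digits of message IDs.
CLASS_PREFIXES = {"rm": {"321"}, "ids": {"400", "401", "415"}, "vpnc": {"611"},
                  "webvpn": {"716"}, "ca": {"717"}, "e-mail": {"719"},
                  "vpnlb": {"718"}, "vpnfo": {"720"}, "npssl": {"725"}}
CMD = re.compile(r"logging list (\S+) (?:level (\S+)(?: class (\S+))?"
                 r"|message (\d+)(?:-(\d+))?)$")
# Constructed sample configuration; both list names are hypothetical.
SAMPLE = """\
logging list sec-events level 3
logging list sec-events level 6 class ids
logging list sec-events message 611101-611104
logging list error-list level 2
"""

def name_problem(name):
    """Return the severity word whose first three letters start the name."""
    return next((w for w in SEVERITIES if name.lower().startswith(w[:3])), None)

def parse_level(token):
    """Accept a level number 0-7 or a severity name (trailing 's' optional)."""
    n = int(token) if token.isdigit() else LEVELS.get(token.lower().rstrip("s"), -1)
    if not 0 <= n <= 7:
        raise ValueError(f"bad severity level: {token}")
    return n

def parse_lists(config):
    """Parse 'logging list' commands into {list name: [criteria]}."""
    lists = {}
    for line in config.splitlines():
        m = CMD.search(line.strip())
        if m:
            name, level, cls, start, end = m.groups()
            crit = (("level", parse_level(level), cls) if level
                    else ("range", int(start), int(end or start)))
            lists.setdefault(name, []).append(crit)
    return lists

def selects(criteria, msg_id, severity):
    """True if any criterion selects the message (overlaps count once)."""
    def hit(kind, a, b):
        if kind == "range":
            return a <= msg_id <= b
        return severity <= a and (
            b is None or str(msg_id)[:3] in CLASS_PREFIXES.get(b, ()))
    return any(hit(*c) for c in criteria)
```

A class name outside the table rows above never matches in this model, so extend CLASS_PREFIXES from the full Table 42-2 before relying on it for other classes.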
