Configuring Syslog on a Cisco Security Appliance
The logging command is used to configure logging on the PIX Firewall. Logging is disabled
by default. Table 10-3 describes the parameters of the logging command.
Table 10-3 logging Command Parameters
Command Description
logging on Enables the transmission of syslog messages to all
output locations. You can disable sending syslog
messages with the no logging on command.
no logging message n Allows you to disable specific syslog messages. Use the
logging message message_number command to resume
logging of specific disabled messages.
logging buffered n Stores syslog messages in the Cisco Security Appliance
so that you can view them with the show logging
command. Cisco Systems recommends that you use this
command to view syslog messages when the PIX
Seecurity Appliance is in use on a network.
clear logging Clears the message buffer created with the logging
buffered command.
clear logging message Reenables all disabled syslog messages.
logging console n Displays syslog messages on a Security Appliance
console as they occur. Use this command when you are
debugging problems or when there is minimal load on
the network. Do not use this command when the
network is busy because it can reduce the Security
Appliance performance.
logging monitor n Displays syslog messages when you access the Security
Appliance console with Telnet.
continues
256 Chapter 10: Syslog and the Cisco Security Appliance
Configuring the ASDM to View Logging
The ASDM Log panel, shown in Figure 10-1, allows you to view syslog messages that are
captured in the ASDM Log buffer in the Security Appliance memory. You may select the level
of syslog messages you want to view. When you view the ASDM Log, all the buffered syslog
messages at and below the logging level you choose are displayed.
loggin device -id n Sets the device ID that will be logged with a syslog
message.
logging host [interface] ip_address Specifies the host that receives the syslog messages.
[protocol/ port] A Cisco Security Appliance can send messages across
UDP or TCP (which you specify by setting the protocol
variable). The default UDP port is 514. The default
TCP port is 1470.
logging history severity_level Sets the logging level for SNMP traps.
logging queue msg_count Specifies how many syslog messages can appear in the
message queue while waiting for processing. The
default is 512 messages. Use the show logging queue
command to view queue statistics.
logging timestamp Specifies that each message sent to the syslog server
should include a timestamp to indicate when the event
occurred.
logging trap n Sets the logging level for syslog messages.
show logging disabled Displays a complete list of disabled syslog messages.
show logging Lists the current syslog messages and which logging
command options are enabled.
logging standby Lets the failover standby unit send syslog messages.