How Syslog Works

The syslog message facility in a Cisco Security Appliance is a useful means to view
troubleshooting messages and to watch for network events such as attacks and denials of
service. The Cisco Security Appliance reports events and activities through syslog messages,
which fall into the following categories:
■ System status—Reboots of the Cisco Security Appliance, and Telnet or console
connections being made or disconnected
■ Accounting—The number of bytes transferred per connection
■ Security—Dropped User Datagram Protocol (UDP) packets and denied Transmission
Control Protocol (TCP) connections
■ Resources—Notification of connection and translation slot depletion
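The following sketch sorts appliance syslog lines into the four categories above and totals the per-connection byte counts. It is an added example, not code from the original text. The message-ID-to-category mapping is a small illustrative subset chosen for this example, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Header of a PIX/ASA message: %<platform>-<severity>-<message id>: <text>
HEADER = re.compile(r"%(?:PIX|ASA)-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
BYTES = re.compile(r"\bbytes (\d+)")

# Illustrative subset only; assigning these IDs to categories is this example's assumption.
CATEGORY = {
    "199001": "system status",  # reload command executed
    "605005": "system status",  # management login permitted (e.g. Telnet)
    "302014": "accounting",     # TCP teardown, carries the byte count
    "106001": "security",       # inbound TCP connection denied
    "106006": "security",       # inbound UDP denied
    "202001": "resources",      # out of address translation slots
}

def parse(line):
    """Return (severity, msg_id, category, text), or None for non-PIX/ASA lines."""
    m = HEADER.search(line)
    if not m:
        return None
    return int(m["sev"]), m["id"], CATEGORY.get(m["id"], "uncategorized"), m["text"]

def summarize(lines):
    """Count messages per category and total the bytes in accounting records."""
    counts, total_bytes = defaultdict(int), 0
    for rec in filter(None, map(parse, lines)):
        _, _, category, text = rec
        counts[category] += 1
        b = BYTES.search(text) if category == "accounting" else None
        if b:
            total_bytes += int(b.group(1))
    return dict(counts), total_bytes

# Constructed sample lines (documentation-range addresses), not captured from a device.
SAMPLE = [
    "%ASA-5-199001: Reload command executed from Telnet (remote 192.0.2.50).",
    '%ASA-6-605005: Login permitted from 192.0.2.50/51234 to inside:192.0.2.1/telnet for user "admin"',
    "%ASA-6-302014: Teardown TCP connection 8812 for outside:198.51.100.7/443 to inside:192.0.2.20/50211 duration 0:00:31 bytes 14804 TCP FINs",
    "%PIX-6-302014: Teardown TCP connection 8813 for outside:198.51.100.7/80 to inside:192.0.2.21/50300 duration 0:00:02 bytes 512 TCP Reset-I",
    "%ASA-2-106001: Inbound TCP connection denied from 203.0.113.9/40112 to 192.0.2.20/23 flags SYN on interface outside",
    "%ASA-2-106006: Deny inbound UDP from 203.0.113.9/53 to 192.0.2.20/161 on interface outside",
    "%ASA-3-202001: Out of address translation slots!",
    "Jan 10 09:15:00 host sshd[123]: unrelated line that is skipped",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```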
It is important to become familiar with the logging process and logging command parameters
on a Security Appliance before you dive in and start configuring the Cisco Security Appliance
for logging. Syslog messages can be sent to several different output destinations on or off the
Security Appliance unit:
■ ASDM logging—Logging messages can be sent to the Adaptive Security Device Manager
(ASDM).
■ Console—Syslog messages can be configured to be sent to the console interface, where
the security administrator (you) can view the messages in real time as they happen when
you are connected to the console interface.
■ Internal memory buffer—Syslog messages can be sent to the buffer.
■ Telnet console—Syslog messages also can be configured to be sent to Telnet sessions.
This configuration helps you remotely administer and troubleshoot Security Appliance
units without being physically present at the location of the firewall.
■ Syslog servers—This type of configuration is particularly useful for storing syslog
messages for analysis on performance, trends, and packet activities on the Security
Appliance unit. Syslog messages are sent to UNIX servers/workstations running a syslog
daemon or to Windows servers running PIX Firewall Syslog Server (PFSS).
■ SNMP management station—Syslog traps can be configured to be sent to an SNMP
management station.