Logging Levels
Different severity levels are attached to incoming messages. You can think of these levels as
indicating the type of message. A Security Appliance can be configured to send messages at
different levels. Table 10-2 lists these levels from highest to lowest importance.
How Syslog Works 253
Many of the logging commands require that you specify a severity level threshold to indicate
which syslog messages can be sent to the output locations. The lower the level number, the
more severe the syslog message. The default severity level is 3 (error). During configuration,
you can specify the severity level as either a number or a keyword, as described in Table 10-2.
The level you specify causes the Cisco Security Appliance Firewall to send the messages of
that level and below to the output location. For example, if you specify severity level 3
(error), a Security Appliance, such as the PIX, sends severity level 0 (emergency), 1 (alert), 2
(critical), and 3 (error) messages to the output location.
Changing Syslog Message Levels
PIX Firewall version 6.3 gives you the option to modify the level at which a specific syslog
message is issued and to disable specific syslog messages. This feature provides you with more
flexibility because you can specify which message you are logging and at what level. To
change the logging level for all syslog servers, enter the following command syntax:
logging message syslog_id [level levelid]
To change the level of a specific syslog message, enter the following command syntax:
logging message syslog_id level levelid
The variables syslog_id and levelid represent the numeric identifier and severity level assigned
to the syslog message, respectively, as shown in Table 10-2.
Table 10-2 Logging Severity Levels
Level/Keyword Numeric Code System Condition
Emergency 0 System unusable message
Alert 1 Take immediate action
Critical 2 Critical condition
Error 3 Error message
Warning 4 Warning message
Notification 5 Normal but significant condition
Informational 6 Information message
Debug 7 Debug message, log FTP commands, and WWW URLs