Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 76 Configuring Logging
Configuring Logging
Step 1 Choose Configuration > Device Management > Logging > Event Lists.
Step 2 Click Add to display the Add Event List dialog box.
Step 3 In the Name field, enter the name of the event list. No spaces are allowed.
Step 4 In the Event Class/Severity area, click Add to display the Add Class and Severity Filter dialog box.
Step 5 Choose the event class from the drop-down list. Available event classes change according to the device mode that you are using.
Step 6 Choose the severity level from the drop-down list. Severity levels include the following:
• Emergency (level 0, system is unusable)
Note Using a severity level of zero is not recommended.
• Alert (level 1, immediate action is needed)
• Critical (level 2, critical conditions)
• Error (level 3, error conditions)
• Warning (level 4, warning conditions)
• Notification (level 5, normal but significant conditions)
• Informational (level 6, informational messages only)
• Debugging (level 7, debugging messages only)
Step 7 Click OK to close this dialog box.
Step 8 In the Message ID Filters area, click Add to display the Add Syslog Message ID Filter dialog box.
Step 9 In the Message IDs field, enter a syslog message ID or range of IDs (for example, 101001-199012) to include in the filter.
Step 10 Click OK to close this dialog box.
The event of interest appears in the list. To change this entry, click Edit.
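The following added example (not part of the Cisco guide) models an event list on the collector side so you can check which received messages a given list would select. It assumes the standard `%ASA-<severity>-<message ID>:` tag, assumes a severity filter selects that level and all more severe (lower-numbered) levels, and omits event class matching because the class-to-ID mapping is not given here; the class and function names are hypothetical and the sample lines are constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Standard ASA syslog tag: %ASA-<severity>-<six-digit message ID>:
ASA_TAG = re.compile(r"%ASA-([0-7])-(\d{6}):")

@dataclass
class EventList:
    """Simplified model of an event list: severity threshold plus ID filters."""
    name: str
    max_severity: Optional[int] = None      # Step 6; None = no severity filter
    id_ranges: list = field(default_factory=list)   # Step 9 filters

    def __post_init__(self):
        if not self.name or any(c.isspace() for c in self.name):
            raise ValueError("event list name must not contain spaces")  # Step 3
        if self.max_severity is not None and not 0 <= self.max_severity <= 7:
            raise ValueError("severity level must be 0-7")

    def add_ids(self, spec):
        """Accept a single ID ('106023') or a range ('101001-199012')."""
        lo, _, hi = spec.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if lo > hi:
            raise ValueError(f"bad message ID range: {spec}")
        self.id_ranges.append((lo, hi))

    def match_id(self, line):
        """Return the message ID if this list selects the line, else None."""
        m = ASA_TAG.search(line)
        if not m:
            return None
        sev, msg_id = int(m.group(1)), int(m.group(2))
        by_sev = self.max_severity is not None and sev <= self.max_severity
        by_id = any(lo <= msg_id <= hi for lo, hi in self.id_ranges)
        return msg_id if (by_sev or by_id) else None

# Constructed sample lines (addresses are documentation ranges).
SAMPLE = [
    "%ASA-6-302013: Built outbound TCP connection 1001 (constructed)",
    "%ASA-4-106023: Deny tcp src outside:192.0.2.10/4431 dst inside:198.51.100.5/22",
    "%ASA-3-710003: TCP access denied by ACL from 192.0.2.10/5000",
    "%ASA-5-111008: User 'admin' executed the 'write memory' command.",
    "line without an ASA tag",
]

def selected_ids(event_list, lines):
    return [i for i in map(event_list.match_id, lines) if i is not None]
```

With a threshold of Error (3) and the range 101001-199012, the level 6 connection message is dropped while the level 4 and 5 messages are still selected by the ID filter.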
Generating Syslog Messages in EMBLEM Format to a Syslog Server
To generate syslog messages in EMBLEM format to a syslog server, perform the following steps:
Step 1 Choose Configuration > Device Management > Logging > Syslog Server.
Step 2 To add a new syslog server, click Add to display the Add Syslog Server dialog box. To change an existing syslog server's settings, click Edit to display the Edit Syslog Server dialog box.
Note You can set up a maximum of four syslog servers per security context (up to a total of 16).
Step 3 Specify the number of messages that are allowed to be queued on the ASA when a syslog server is busy. A zero value means an unlimited number of messages may be queued.
Step 4 Check the Allow user traffic to pass when TCP syslog server is down check box to specify whether or not to restrict all traffic if any syslog server is down.