76-8
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 76 Configuring Logging
Configuring Logging
• Changing the Severity Level of a Syslog Message, page 76-21
• Limiting the Rate of Syslog Message Generation, page 76-21
• Assigning or Changing Rate Limits for Individual Syslog Messages, page 76-22
• Adding or Editing the Rate Limit for a Syslog Message, page 76-22
• Editing the Rate Limit for a Syslog Severity Level, page 76-23
Sending Syslog Messages to an External Syslog Server
You can archive messages according to the available disk space on the external syslog server, and
manipulate logging data after it is saved. For example, you could specify actions to be executed when
certain types of syslog messages are logged, extract data from the log and save the records to another
file for reporting, or track statistics using a site-specific script.
To send syslog messages to an external syslog server, perform the following steps:
Step 1 Choose Configuration > Device Management > Logging > Logging Setup.
Step 2 Check the Enable logging check box to turn on logging for the active ASA.
Step 3 Check the Enable logging on the failover standby unit check box to turn on logging for the standby
ASA, if available.
Step 4 Check the Send debug messages as syslogs check box to redirect all debugging trace output to system
logs. The syslog message does not appear on the console if this option is enabled. Therefore, to view
debugging messages, you must have logging enabled at the console and have it configured as the
destination for the debugging syslog message number and severity level. The syslog message number to
use is 711001. The default severity level for this syslog message is debugging.
Step 5 Check the Send syslogs in EMBLEM format check box to enable EMBLEM format so that it is used
for all logging destinations, except syslog servers.
Step 6 In the Buffer Size field, specify the size of the internal log buffer to which syslog messages are saved if
the logging buffer is enabled. When the buffer fills up, messages are overwritten unless you save the logs
to an FTP server or to internal flash memory. The default buffer size is 4096 bytes. The range is 4096 to
1048576.
Step 7 To save the buffer content to the FTP server before it is overwritten, check the Save Buffer To FTP
Server check box. To allow overwriting of the buffer content, uncheck this check box.
Step 8 Click Configure FTP Settings to identify the FTP server and configure the FTP parameters used to save
the buffer content. For more information, see the “Configuring FTP Settings” section on page 76-9.
Step 9 To save the buffer content to internal flash memory before it is overwritten, check the Save Buffer To
Flash check box.
Note This option is only available in single routed or transparent mode.
Step 10 Click Configure Flash Usage to specify the maximum space to be used in internal flash memory for
logging and the minimum free space to be preserved (in KB). Enabling this option creates a directory
called “syslog” on the device disk on which messages are stored. For more information, see the
“Configuring Logging Flash Usage” section on page 76-9.
Note This option is only available in single routed or transparent mode.