02-19-2008 06:25 AM - edited 03-11-2019 05:04 AM
Hi, I'm hoping this is possible. I need to set the syslog ID of 106023 to error level (currently warning) for about a dozen IP addresses only (as it generates millions of logs). Can I do this? I can't see a way.
02-19-2008 06:38 AM
Nopes
02-19-2008 07:44 AM
It's all or nothing then?
I want to basically send alerts to my syslog server when my DMZ web servers (on my ASA) have denied access to Internet users attempting to hack. 106023 ID shows this.
02-19-2008 08:04 AM
You can't lower the log level to a specific message ID for a few IPs, though you may filter it on the KIWI log server.
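The server-side filtering suggested in the reply above, as an added example (not part of the thread, and not Kiwi's own rule syntax): a Python filter that keeps only 106023 denies whose destination is on a watch list. The watch-list addresses and sample log lines are constructed, and the regex assumes the basic 106023 layout without user-identity fields.

```python
import ipaddress
import re

# Constructed watch list standing in for the dozen DMZ web server addresses.
WATCHED = {ipaddress.ip_address(a) for a in ("198.51.100.10", "198.51.100.11")}

# Basic 106023 layout: Deny <proto> src <if>:<addr>[/<port>] dst <if>:<addr>[/<port>]
# The severity digit is matched loosely because it can be changed on the firewall.
DENY_RE = re.compile(
    r"%(?:ASA|PIX|FWSM)-\d-106023: Deny (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src>[^/\s]+)(?:/(?P<sport>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst>[^/\s]+)(?:/(?P<dport>\d+))?"
)

# Constructed sample input, not captured from a real device.
SAMPLE = [
    '<164>Feb 19 2008 08:04:11: %ASA-4-106023: Deny tcp src outside:192.0.2.44/51812 '
    'dst dmz:198.51.100.10/80 by access-group "outside_in" [0x0, 0x0]',
    '<164>Feb 19 2008 08:04:12: %ASA-4-106023: Deny tcp src outside:192.0.2.44/51813 '
    'dst dmz:198.51.100.99/445 by access-group "outside_in" [0x0, 0x0]',
    '<164>Feb 19 2008 08:04:13: %ASA-4-106023: Deny icmp src outside:203.0.113.7 '
    'dst dmz:198.51.100.11 (type 8, code 0) by access-group "outside_in" [0x0, 0x0]',
    '<166>Feb 19 2008 08:04:14: %ASA-6-302013: Built inbound TCP connection 7 for '
    'outside:192.0.2.50/40000 (192.0.2.50/40000) to dmz:198.51.100.10/80 (198.51.100.10/80)',
]


def filter_denies(lines, watched=WATCHED):
    """Return parsed 106023 denies whose destination is a watched server."""
    hits = []
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # a different message ID, or an unexpected layout
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # a name was logged instead of an address
        if dst in watched:
            hits.append({"proto": m["proto"], "src": m["src"],
                         "dst": str(dst), "dport": m["dport"]})
    return hits


if __name__ == "__main__":
    for hit in filter_denies(SAMPLE):
        print(hit)
```

Only the matching records need to go on to the alerting database; everything else for 106023 can be dropped or archived at the collector.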
02-19-2008 08:06 AM
I want to basically send alerts to my syslog server when my DMZ web servers (on my ASA) have denied access to Internet users attempting to hack. 106023 ID shows this.
106023 creates too many alerts on its own for my database; I think it will fill up fast. What a shame.
02-19-2008 08:12 AM
Do you want to report all the traffic for 106023 to KIWI? Well, that's possible; however, as whitefor asked, you can't point logs for this message ID for a few IPs. Either it's all traffic or none at all.
02-19-2008 08:33 AM
Unless it's possible to create an access rule which includes my external web server IP range, and if anything is denied/triggered then log it to critical?