Creating custom event lists to be sent to syslog server (ASA 5520)

whiteford
Level 1

Hi, I'm hoping this is possible. I need to set the syslog ID of 106023 to error level (currently warning) for about a dozen IP addresses only (as it generates millions of logs). Can I do this? I can't see a way.

6 Replies

abinjola
Cisco Employee

Nopes

It's all or nothing then?

I want to basically send alerts to my syslog server when my DMZ web servers (on my ASA) have denied access to Internet users attempting to hack. 106023 ID shows this.

You can't lower the log level for a specific message ID for a few IPs, though you may filter it on the KIWI log server.

I want to basically send alerts to my syslog server when my DMZ web servers (on my ASA) have denied access to Internet users attempting to hack. 106023 ID shows this.

106023 creates too many alerts on its own for my database; I think it will fill up fast. What a shame.

Do you want to report all the traffic for 106023 to KIWI? Well, that's possible; however, as whiteford asked, you can't point logs for this message ID for a few IPs. Either it's all traffic or none at all.

Unless it's possible to create an access rule which includes my external web server IP range and, if anything is denied/triggered, then log it to critical?
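The server-side filtering suggested in the thread can be sketched as follows. This is an added example, not part of the original posts and not Kiwi's own filter syntax: it keeps only 106023 denies whose destination is on a watch list and re-tags them at error level. The watch list, the `escalate` helper and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed watch list (documentation ranges) standing in for the dozen
# DMZ web server addresses mentioned in the question.
WATCHED = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "192.0.2.16/29")]

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# 106023 body: Deny <proto> src <if>:<ip>[/<port>] dst <if>:<ip>[/<port>]
#              [(type N, code N)] by access-group "<acl>" [...]  (IPv4 only here)
DENY_RE = re.compile(
    r"%ASA-(?P<sev>\d)-106023: Deny (?P<proto>\S+) "
    rf"src (?P<src_if>[^:\s]+):(?P<src>{IPV4})(?:/\d+)? "
    rf"dst (?P<dst_if>[^:\s]+):(?P<dst>{IPV4})(?:/(?P<dport>\d+))?\s"
    r'.*?by access-group "(?P<acl>[^"]+)"'
)


def escalate(line, watched=WATCHED, level=3):
    """Return `line` re-tagged at `level` (3 = error) when it is a 106023 deny
    for a watched destination; return None so the caller drops everything else."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    try:
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255 in a damaged line
        return None
    if not any(dst in net for net in watched):
        return None
    return line[:m.start("sev")] + str(level) + line[m.end("sev"):]


# Constructed sample lines in the ASA message layout (not real traffic).
SAMPLE = [
    'Mar 03 10:15:01 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51234 '
    'dst dmz:192.0.2.10/22 by access-group "outside_in" [0x0, 0x0]',
    'Mar 03 10:15:02 %ASA-4-106023: Deny tcp src outside:198.51.100.9/40000 '
    'dst inside:10.1.1.5/445 by access-group "outside_in" [0x0, 0x0]',
    'Mar 03 10:15:03 %ASA-4-106023: Deny icmp src outside:203.0.113.7 '
    'dst dmz:192.0.2.18 (type 8, code 0) by access-group "outside_in" [0x0, 0x0]',
    'Mar 03 10:15:04 %ASA-6-302013: Built inbound TCP connection 1 for '
    'outside:203.0.113.5/51234 (203.0.113.5/51234) to dmz:192.0.2.10/80 (192.0.2.10/80)',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        out = escalate(entry)
        if out:
            print(out)
```

The firewall still sends every 106023 message at warning level; only what the collector stores or alerts on is reduced.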
