I am new to Cisco firewalls and it is generating large logs on our syslog server. Looking for some recommendations on settings to ensure for PCI compliancy, troubleshooting and security we are still logging the needed events but to also cut down the volume of syslog messages generated.
Is it possible to send different syslog messages to individual syslog servers?
It reads like you can with filter lists but in ADSM it only allows you to assign a filter list to all syslog servers not just one.
Is it recommended to set the access rules to a level other then default? When we do show log on an access rule we see nothing. Considering seting all access rules to notifications.
Looking from some recommendations from some of the seasoned veterans.