ASA logs

Unanswered Question
Mar 25th, 2009


I am facing issue with accessing firewall syslog files.the size is around 2GB.It says i need to open it with another editor rather than notepad.I tried with wordpad but it hungsup.

Any suggestions on this.Also i have heard that the logs are stored by date( a day each) in seperate log files.How do i enable that?

Thanks in advance!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
cisco24x7 Wed, 03/25/2009 - 05:20

The best syslog would be syslog-ng which will give the ability to rotate the log file at certain size, date, etc... If you have multiple firewalls, syslog-ng can store logs in separate files.

syslog-ng comes free with most Linux distribution

Collin Clark Wed, 03/25/2009 - 06:02

Any application will have trouble opening a 2GB log file. Try using a syslog server like RSyslog ( it also has a web front-end so you can view a log and filter the results. If you want to have each device as a separate log file, you will need to configure it in your conf file on your server.

Hope that helps.

suthomas1 Wed, 03/25/2009 - 06:49

ok..not each device as seperate log file...same device but it would give seperate log files for each there a way on this..


lorih.fns Wed, 03/25/2009 - 13:25

For viewing large syslog files, or any large text file for that matter, I like UltraEdit. UltraEdit can handle and edit files in excess of 4 gigabytes.

It's fairly inexpensive and has tons of great attributes that make it worth every penny!!!

Collin Clark Wed, 03/25/2009 - 13:31

UltraEdit is the best text editor out there, however even it has problems with a 2GB file (probably more the PC than the app). I also use GSplit to take the file and break it up. Excel and it's Auto Filter option are very useful as well.

cisco24x7 Wed, 03/25/2009 - 17:06

Why would anyone want to view a >2GB file is beyond me. Perl, MySQL, awk and grep were developed for extracting from large file like this.

suthomas1 Thu, 03/26/2009 - 19:39

thanks for the inputs..another query.

how do you stop the logs being continually generated/updated to the particular text file inside the system logs from the device.

I am trying to delete the log file...but it says something else is using this,probably the firewall is generating logs into this.

Any ideas on do we stop this for i need to configure anything on firewall for this?


Collin Clark Mon, 03/30/2009 - 06:19

You either have to stop syslog from the firewall, stop it on the server or copy the log file and read the copied file.


This Discussion