Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
733
Views
8
Helpful
11
Replies

ASA logs

suthomas1
Level 6
Level 6

‎03-25-2009 05:00 AM - edited ‎03-11-2019 08:09 AM

Hi..

I am facing issue with accessing firewall syslog files.the size is around 2GB.It says i need to open it with another editor rather than notepad.I tried with wordpad but it hungsup.

Any suggestions on this.Also i have heard that the logs are stored by date( a day each) in seperate log files.How do i enable that?

Thanks in advance!

Labels:
0 Helpful
11 Replies 11

cisco24x7
Level 6
Level 6

‎03-25-2009 05:20 AM

The best syslog would be syslog-ng which will give the ability to rotate the log file at certain size, date, etc... If you have multiple firewalls, syslog-ng can store logs in separate files.

syslog-ng comes free with most Linux distribution

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni

‎03-25-2009 06:02 AM

Any application will have trouble opening a 2GB log file. Try using a syslog server like RSyslog (http://www.rsyslog.com/) it also has a web front-end so you can view a log and filter the results. If you want to have each device as a separate log file, you will need to configure it in your conf file on your server.

Hope that helps.

suthomas1
Level 6
Level 6
In response to Collin Clark

‎03-25-2009 06:49 AM

ok..not each device as seperate log file...same device but it would give seperate log files for each day..is there a way on this..

thanks!

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to suthomas1

‎03-25-2009 06:53 AM

Sure, again it would be configured in the syslog conf file.

0 Helpful

cisco24x7
Level 6
Level 6
In response to Collin Clark

‎03-25-2009 07:11 AM

This is why "splunk" was developed.

0 Helpful

lorih.fns
Level 1
Level 1

‎03-25-2009 01:25 PM

For viewing large syslog files, or any large text file for that matter, I like UltraEdit. UltraEdit can handle and edit files in excess of 4 gigabytes.

It's fairly inexpensive and has tons of great attributes that make it worth every penny!!!

Collin Clark
VIP Alumni
VIP Alumni
In response to lorih.fns

‎03-25-2009 01:31 PM

UltraEdit is the best text editor out there, however even it has problems with a 2GB file (probably more the PC than the app). I also use GSplit to take the file and break it up. Excel and it's Auto Filter option are very useful as well.

0 Helpful

cisco24x7
Level 6
Level 6
In response to Collin Clark

‎03-25-2009 05:06 PM

Why would anyone want to view a >2GB file is beyond me. Perl, MySQL, awk and grep were developed for extracting from large file like this.

0 Helpful

suthomas1
Level 6
Level 6
In response to cisco24x7

‎03-26-2009 07:39 PM

thanks for the inputs..another query.

how do you stop the logs being continually generated/updated to the particular text file inside the system logs from the device.

I am trying to delete the log file...but it says something else is using this,probably the firewall is generating logs into this.

Any ideas on this..how do we stop this for sometime..do i need to configure anything on firewall for this?

Thanks!!

0 Helpful

suthomas1
Level 6
Level 6
In response to suthomas1

‎03-29-2009 06:23 AM

Any ideas on stopping the above!

thanks!!

0 Helpful

Collin Clark
VIP Alumni
VIP Alumni
In response to suthomas1

‎03-30-2009 06:19 AM

You either have to stop syslog from the firewall, stop it on the server or copy the log file and read the copied file.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card