Filter some messages from logging.

andrea.meconi · ‎08-24-2010

Hello.

I'm using any ACL entry to deny DNS request without log keyword.

I'm receiving a lot of 106010 and 106011 messages.

How can I filter these message? I don't wanto to use the no logging message command.

Many thanks for your help.

Regards.

Andrea

Jitendriya Athavale · ‎08-24-2010

if you are asking how to not see these messages in your logging, you can move these messages to a higher level of logging so that way you wont see these messages in the logging level you have defined

these messages are level 3 and if you are logging at level 6 you can make these messages appear as level 7, so that you wont see them

here is the link that will help you

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logconf.html#wp1108252

if you want to send these messages to a different syslog server or want to log it to a different place you can make logging event list

here is a link

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml

please feel free to ask if you have any clarifications

andrea.meconi · ‎08-24-2010

Hello jathaval and many thanks for your help.

Because I'm using

logging trap debugging

I'm thinking to create a list that exclude these messages to be send to syslog server.

What do you think about?

Regards.

Andrea

Kureli Sankar · ‎08-24-2010

I am not sure what you are asking. You like to filter these message once they arrive on the syslog server?

These messages are logged at level 6. You can send these to the syslog server with the logging trap 7 command.

If you want to logg to the buffer and only logg level 5 or 4 to buffer then you will not see these in the buffer logs.

logging trap 7

logging buffer 4

-KS

andrea.meconi · ‎08-24-2010

Hello kusankar. I don't want to log these messages to syslog server.

Thanks.

Regards.

Andrea

Kureli Sankar · ‎08-24-2010

Hmm...without using "no logging message" I can't think of a way.

Like you say, using a log list for a range of syslogs (may be a log list of loglist) and not including these two syslogs might work. Give it a shot.

logging list loglist message xxxxxx-yyyyyy

logging trap loglist

-KS

andrea.meconi · ‎08-24-2010

I'm testing this solution

logging list loglist message 101001-106009

logging list loglist message 106012-742010

logging trap loglist

Regards.

Andrea

Nagaraja Thanthry · ‎08-24-2010

Hello,

Just use the command:

no logging message

Regards,

NT

andrea.meconi · ‎08-24-2010

logging list test-list message 100000-106009
logging list test-list message 106011-999999

logging trap test-list

I believe this configuration can send any messages to syslog server but range 106010-106011 are excluded.

Kureli Sankar · ‎08-24-2010

Yes, that should do it.

May be

logging list loglist 101001-106009

logging list loglist 106012-742010

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html

-KS