Note - this link refers to an IOS device, but many of the guidelines transfer nicely to the ASA/PIX/FWSM. The two items at this link that I feel are quite important are synchronizing the time between all of your network devices (possibly via NTP) and leveraging the timestamp feature on your syslogs ('logging timestamp' in the firewall realm).
In general, depending on your main goal for logging (troubleshooting, network access logs, etc.), regardless of industry, you will inevitably need to determine the appropriate logging level for that purpose and your network. Even within a particular logging level, you will inevitably find syslogs that are NOT useful to you while finding other syslogs in lower logging levels that ARE useful.
You can customize your logging experience on the ASA/PIX/FWSM by enabling/disabling certain syslogs, escalating those syslogs that are more important (to you) than the default logging level, and creating logging lists. Also, don't forget that logging locally on the device via the "buffered" keyword will be useful for immediate troubleshooting, while remote logging for historical purposes may be useful to correlate network access (i.e. which host went where and when). With this being said, you will most likely have a different logging level depending on the logging destination. The
I've provided a link below for the various 'logging' commands for ASA, although many of these commands are the same on other firewall platforms:
Thanks, Kevin, for sharing the ASA command reference for logging. This will help focus on getting the required (important) logs to our syslog server instead of all logs. We are facing a capacity problem on the syslog server because of the number of messages per hr.
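An added example, not part of either post above: a small Python tally that shows which message IDs dominate a syslog sample and how many messages a destination would receive at each logging level, which is the information needed to decide what to disable, escalate or put in a logging list. The sample lines are constructed, and the function names are this example's own.

```python
import re
from collections import Counter

# Header layout: %ASA-<severity>-<message id>: (PIX and FWSM use the same form)
MSG = re.compile(r"%(?:ASA|PIX|FWSM)-([0-7])-(\d{6}):")

# Constructed sample lines (addresses, users and counts are made up).
SAMPLE = [
    "Jan 10 2024 14:02:11: %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 to inside:10.0.0.5/51515",
    "Jan 10 2024 14:02:12: %ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.7/443 to inside:10.0.0.6/51516",
    "Jan 10 2024 14:02:13: %ASA-6-302013: Built outbound TCP connection 1003 for outside:198.51.100.8/80 to inside:10.0.0.5/51517",
    "Jan 10 2024 14:02:14: %ASA-6-302013: Built outbound TCP connection 1004 for outside:198.51.100.9/443 to inside:10.0.0.7/51518",
    "Jan 10 2024 14:02:20: %ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/443 to inside:10.0.0.5/51515 duration 0:00:09 bytes 4312",
    "Jan 10 2024 14:02:21: %ASA-6-302014: Teardown TCP connection 1002 for outside:198.51.100.7/443 to inside:10.0.0.6/51516 duration 0:00:09 bytes 911",
    "Jan 10 2024 14:02:22: %ASA-6-302014: Teardown TCP connection 1003 for outside:198.51.100.8/80 to inside:10.0.0.5/51517 duration 0:00:09 bytes 120",
    "Jan 10 2024 14:03:01: %ASA-4-106023: Deny tcp src outside:203.0.113.9/40000 dst inside:10.0.0.5/22 by access-group \"outside_in\"",
    "Jan 10 2024 14:03:05: %ASA-4-106023: Deny tcp src outside:203.0.113.9/40001 dst inside:10.0.0.5/23 by access-group \"outside_in\"",
    "Jan 10 2024 14:04:00: %ASA-5-111008: User 'admin' executed the 'logging timestamp' command.",
]

def tally(lines):
    """Count messages per (severity, message id); lines without a header are skipped."""
    counts = Counter()
    for line in lines:
        m = MSG.search(line)
        if m:
            counts[(int(m.group(1)), m.group(2))] += 1
    return counts

def volume_at_level(counts, level):
    """Messages a destination set to `level` would receive (severity <= level)."""
    return sum(n for (sev, _), n in counts.items() if sev <= level)

def top_talkers(counts, n=3):
    """Busiest message ids as (id, severity, count, percent of total)."""
    total = sum(counts.values())
    return [(mid, sev, c, round(100 * c / total, 1))
            for (sev, mid), c in counts.most_common(n)]

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for level in range(8):
        print(f"level {level}: {volume_at_level(counts, level)} messages")
    for row in top_talkers(counts):
        print(row)
```

Run against an export from the syslog server, the IDs at the top of the list that serve no purpose at that destination are the ones to review first.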