Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Query regarding message class in Syslog

Hi Halijenn / experts

I have a query regarding syslog messages and wanted to send only the commands to syslog which are run by user in configuration mode .Hence please let me know what is exactly meant by the command "config " if i configure the below in ASA.I have gone through various Cisco docs however was not able to find the explanation . Will the "class config " command log all the information regarding the commands which are executed by the user in configuration mode . If yes , will it include the show commands as well ?


ASA(config)#logging list MYLIST level informational class config

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Query regarding message class in Syslog

This syslog:

%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer'  command.

falls under syslog messages starting with 111, so yes, the above is also included in "config" class.

9 REPLIES
Cisco Employee

Re: Query regarding message class in Syslog

Syslog class 'config' consists of syslog message that starts with the following numbers 111, 112, 208, 308 as per the following URL:

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768518

Hope that helps.

New Member

Re: Query regarding message class in Syslog

Hi halijenn

Will it contain 165 as well as mentioned below . If not then in what class it will be contained ?

165>%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command.

Cisco Employee

Re: Query regarding message class in Syslog

This syslog:

%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer'  command.

falls under syslog messages starting with 111, so yes, the above is also included in "config" class.

New Member

Re: Query regarding message class in Syslog

thanks again halijenn !!!  , however please let me know as to why it is not mentioned in the document . Is it a Bug ? Anyhow thanks for resolving my query

Cisco Employee

Re: Query regarding message class in Syslog

Thanks for the rating as always.

Which part is not mentioned in the documentation?

New Member

Re: Query regarding message class in Syslog

165>%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command. In this Message ID 165 is not associated with any of the class in Syslog Message Classes and Associated Message ID Numbers 

Cisco Employee

Re: Query regarding message class in Syslog

I believe 165 is just the sequence number of the syslog messages itself, not the class of the actual syslog message. 165 will give you the timestamp of each syslog messages.

New Member

Re: Query regarding message class in Syslog

Hi halijenn

I am still not sure if 165 is not the message ID as for the same we get the output of the configuration done by us in command mode (as seen in below logs)  .Also strange is the thing that  description of 165 is not mentioned in the document  ) .Please correct me if i am wrong . Also i am not able to understand the time stamp you are talking about .

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4768518

<165>%ASA-5-111008: User 'enable_15' executed the 'exit' command.
<165>%ASA-5-111005: console end configuration: OK
<165>%ASA-5-111007: Begin configuration: console reading from terminal
<165>%ASA-5-111008: User 'enable_15' executed the 'configure terminal' command.

I have one more query which is not related to above

If i have 2 messages to be sent as warnings (though the default level is something else) to the syslog server whether i can specify my customized severity level as mentioned below

logging list MYLIST message 111008-111009
logging trap MYLIST

111008 is having LEVEL 5

111009 is having LEVEL 7

If i configure the below in addition to above , will i get both the messages in syslog as level warnings ?

logging message 111008 level warnings
logging message 111009 level warnings

Cisco Employee

Re: Query regarding message class in Syslog

I am not aware of <165> is anything significant in regards to the syslog message itself. Can you pls advise on which syslog you are actually seeing this? whether it is through console logging, buffered logging, monitor or on the syslog server itself?

I just quickly do a lab recreate on buffered logging, and didn't see the <165> as the syslog message itself started from the % sign:

%ASA-5-111008: User 'enable_15' executed the 'logging buffered debugging' command.
%ASA-5-111005: console end configuration: OK

In regards to changing the syslog message level so the level that you wanted, you are absolutely right.

From your example:

Syslog# 111008 (level 5) will be changed to level warnings with "logging message 111008 level warnings" command.

715
Views
0
Helpful
9
Replies
CreatePlease to create content