Hi Halijenn / experts
I have a query regarding syslog messages and wanted to send only the commands to syslog which are run by user in configuration mode .Hence please let me know what is exactly meant by the command "config " if i configure the below in ASA.I have gone through various Cisco docs however was not able to find the explanation . Will the "class config " command log all the information regarding the commands which are executed by the user in configuration mode . If yes , will it include the show commands as well ?
ASA(config)#logging list MYLIST level informational class config
Solved! Go to Solution.
Syslog class 'config' consists of syslog message that starts with the following numbers 111, 112, 208, 308 as per the following URL:
Hope that helps.
Will it contain 165 as well as mentioned below . If not then in what class it will be contained ?
165>%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command.
thanks again halijenn !!! , however please let me know as to why it is not mentioned in the document . Is it a Bug ? Anyhow thanks for resolving my query
165>%ASA-5-111008: User 'enable_15' executed the 'clear logging buffer' command. In this Message ID 165 is not associated with any of the class in Syslog Message Classes and Associated Message ID Numbers
I believe 165 is just the sequence number of the syslog messages itself, not the class of the actual syslog message. 165 will give you the timestamp of each syslog messages.
I am still not sure if 165 is not the message ID as for the same we get the output of the configuration done by us in command mode (as seen in below logs) .Also strange is the thing that description of 165 is not mentioned in the document ) .Please correct me if i am wrong . Also i am not able to understand the time stamp you are talking about .
<165>%ASA-5-111008: User 'enable_15' executed the 'exit' command.
<165>%ASA-5-111005: console end configuration: OK
<165>%ASA-5-111007: Begin configuration: console reading from terminal
<165>%ASA-5-111008: User 'enable_15' executed the 'configure terminal' command.
I have one more query which is not related to above
If i have 2 messages to be sent as warnings (though the default level is something else) to the syslog server whether i can specify my customized severity level as mentioned below
logging list MYLIST message 111008-111009
logging trap MYLIST
111008 is having LEVEL 5
111009 is having LEVEL 7
If i configure the below in addition to above , will i get both the messages in syslog as level warnings ?
logging message 111008 level warnings
logging message 111009 level warnings
I am not aware of <165> is anything significant in regards to the syslog message itself. Can you pls advise on which syslog you are actually seeing this? whether it is through console logging, buffered logging, monitor or on the syslog server itself?
I just quickly do a lab recreate on buffered logging, and didn't see the <165> as the syslog message itself started from the % sign:
%ASA-5-111008: User 'enable_15' executed the 'logging buffered debugging' command.
%ASA-5-111005: console end configuration: OK
In regards to changing the syslog message level so the level that you wanted, you are absolutely right.
From your example:
Syslog# 111008 (level 5) will be changed to level warnings with "logging message 111008 level warnings" command.