Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Syslogs filling up too fast due to ASA firewall events

We currently have a few ASA's deployed on our network, which sends its syslogs to syslog servers. One of which is the LMS server. ASA sends and receives sylogs on other syslog servers just fine. When it comes to the LMS server, it does send the syslogs to the LMS server as they are visible on the server side, but does not show the syslog reports on the application side. The reports show up as "zero records." Despite restarting daemon manager a number of times, setting a logging-trap with severity 3 and above to retain at least serious firewall events, the syslogs cannot take the load and break the application. I have even tried setting a logging-rate limit to limit the syslogs being sent, but if Cisco claims that it can monitor upto 500 devices then why does the application break from the load of security events on our ASA firewalls? I am aware I cannot do anything on the device itself to limit syslogs, only on the LMS application. Is there a application fix out there that can resolve this issue, like a possible filter in the application that can filter out firewall events?

Everyone's tags (1)
38
Views
0
Helpful
0
Replies