Syslogs filling up too fast due to ASA firewall events
We currently have a few ASAs deployed on our network, which send their syslogs to syslog servers, one of which is the LMS server. ASA sends and receives syslogs on other syslog servers just fine. When it comes to the LMS server, it does send the syslogs to the LMS server, as they are visible on the server side, but it does not show the syslog reports on the application side. The reports show up as "zero records." Despite restarting daemon manager a number of times and setting a logging-trap with severity 3 and above to retain at least serious firewall events, the syslogs cannot take the load and break the application. I have even tried setting a logging-rate limit to limit the syslogs being sent, but if Cisco claims that it can monitor up to 500 devices, then why does the application break from the load of security events on our ASA firewalls? I am aware I cannot do anything on the device itself to limit syslogs, only on the LMS application. Is there an application fix out there that can resolve this issue, like a possible filter in the application that can filter out firewall events?