06-28-2008 02:13 PM
Hi,
I'm going back and trying to clean up our MARS install a little bit now that I have some time. I need to update MARS to the latest version, but right now I'm just trying to wade through some of the undefined logs coming from our ASA. Is there any guideline as to what the best log settings are to use coming from the ASA for MARS? Right now it looks like everything is set up to be forwarded. Anyone have any suggestions for what they have their log settings at to capture the best amount of information, but not have to wade through everything else?
Thanks
06-29-2008 12:56 AM
Which syslogs are these specifically? We don't get any undefined events from our FWSM(s). We get plenty from the Netscreen (but AFAIR it is documented on CCO that the support is not 'complete' as of yet).
The recommended level for ASA/PIX as per the Cisco Guide and 'many' discussions on the Cisco MARS User Group is 'debugging'. Under normal operation not a lot of level 7 messages are generated.
Regards
Farrukh
06-29-2008 01:21 AM
Have a look at this:
Regards
Farrukh
07-03-2008 08:52 PM
If it's a busy firewall then you might need to adjust the logging to informational.
Also, there's an ASA and MARS tuning doc available through your account team which outlines some of the duplicate messages which can be turned off at the firewall to lessen the load on both the firewall and the MARS appliance.