Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Best practices Syslog

Dear,

Whats does best practices of the  configuration in the Mars? today we use in configuring the sys log category "Information"

What is the best category to be used on mars?

Thank you

2 REPLIES
New Member

Re: Best practices Syslog

I think syslog level 6 informational sufficient for cs mars. 

Cisco Employee

Re: Best practices Syslog

It depends upon how much detail you want CS-MARS to know about the events being sent from the device.  It is usually sufficient to set reporting to a mid-level and then monitor the data received by the CS-MARS.  If you feel you are not getting enough detail, increase the level.  If you feel you are getting too much detail, decrease the level.  (You may also want to decrease the level if you have a large number of 'Unknown device event type' messages as these indicate received messages that CS-MARS cannot parse).

For firewalls, the configuration guide mentions setting the level to debug to allow very granular querying on event data.  This is covered here:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/cfgFwall.html#wp369972

Scott

713
Views
0
Helpful
2
Replies