After looking at thousands of customer configs, hardly any of them omit any syslogs. I guess the whole idea of logging is to capture as much as you can; it may come in handy later on. As long as it's not putting a huge load on your PIX or on your network, I would recommend logging everything; it's safer from a legal standpoint in case it's ever needed.
That is a good point. I make a habit to look at the syslogs everyday.
If I don't omit things, the logs are well over 1MB in size, which can be ridiculous to look at every day (i.e. over 1MB of text).
Do you, from your experience gather that sysadmins "suck it up" and just read through the logs anyways or do you find that many people don't look at them unless there is a problem, or that some other tool is used to look for suspicious things and then reports those events accordingly?
In my opinion, this is one of those areas where you have to seriously consider whether or not the benefit of looking at the entire syslog is worth the amount of time it's going to take you to do it well. In my own case, it simply wasn't worth it. We have two PIX 525s terminating about 90 VPN tunnels as well as two 515s with another 20 tunnels. The 525s alone generate about 1100 syslog messages an hour, so it's just not practical to view them all. Here's my recommendation: if your network is new, or if you're new to the network, it's a good idea to monitor the entire syslog. After a month or so you'll be familiar enough with the logs that you'll be able to spot anything out of the ordinary very easily. You'll also have a very good idea of which logs don't mean much and can filter those out accordingly.
The network isn't new (actually about 3 years old), and yes, a while ago actually, I already blocked logging of certain messages. It's just that a couple of my offices are in Asia, and you can imagine the amount of port scanning that goes on over there: about 10-fold what it is in the US.
It makes me feel better that someone else deals with the same issue.
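One way to get the best of both positions above (log everything on the box, but only read what matters) is to keep the PIX sending every message to the collector and do the suppression and summarising there. The following is an added Python example, not code from anyone in this thread; the log lines are constructed, and the message IDs, hostnames and addresses are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample of PIX syslog output (not taken from the thread).
SAMPLE_LOG = """\
Jan 10 09:00:01 pix-525a %PIX-6-302013: Built outbound TCP connection 12345 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:10.1.1.20/51122 (198.51.100.2/1025)
Jan 10 09:00:02 pix-525a %PIX-6-302014: Teardown TCP connection 12345 for outside:203.0.113.5/443 to inside:10.1.1.20/51122 duration 0:00:01 bytes 4321 TCP FINs
Jan 10 09:00:03 pix-525a %PIX-4-106023: Deny tcp src outside:192.0.2.9/4120 dst inside:198.51.100.2/23 by access-group "outside_in"
Jan 10 09:00:03 pix-525a %PIX-4-106023: Deny tcp src outside:192.0.2.9/4121 dst inside:198.51.100.2/22 by access-group "outside_in"
Jan 10 09:00:04 pix-525a %PIX-5-111008: User 'enable_15' executed the 'no logging message 302013' command.
Jan 10 09:00:05 pix-525a %PIX-6-302013: Built outbound TCP connection 12346 for outside:203.0.113.7/80 (203.0.113.7/80) to inside:10.1.1.21/51123 (198.51.100.2/1026)
"""

# PIX messages carry a "%PIX-<severity>-<6-digit id>: <text>" marker.
LINE_RE = re.compile(r"%PIX-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)")
DENY_RE = re.compile(r"src (?P<zone>\w+):(?P<ip>[\d.]+)/\d+ dst")

# Chatty connection build/teardown IDs we hide from the daily read-through
# (the collector-side equivalent of `no logging message <id>` on the PIX).
SUPPRESSED = {"302013", "302014"}
# Config-change messages should never be hidden: they show someone
# changing what the firewall logs (or anything else).
NEVER_SUPPRESS = {"111008"}


def parse_line(line):
    """Return (severity, msgid, text) for a PIX syslog line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return int(m["sev"]), m["msgid"], m["text"]


def summarize(log_text, suppressed=SUPPRESSED):
    """Count every message ID, keep only non-suppressed lines, and tally
    source IPs behind ACL denies (106023) so scan noise stands out."""
    bad = suppressed & NEVER_SUPPRESS
    if bad:
        raise ValueError(f"refusing to suppress audit messages: {sorted(bad)}")
    by_id, deny_src, kept = Counter(), Counter(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        sev, msgid, text = parsed
        by_id[msgid] += 1
        if msgid in suppressed:
            continue
        kept.append((sev, msgid, text))
        if msgid == "106023" and (d := DENY_RE.search(text)):
            deny_src[d["ip"]] += 1
    return {"total": sum(by_id.values()), "kept": kept,
            "by_id": by_id, "deny_src": deny_src}
```

`by_id` tells you which IDs make up the bulk of the volume before you decide what to suppress, and `deny_src.most_common()` collapses a scan from one source into a single line to review.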