We are using the IDS capabilities built into the pix. I know this is a limited set of signatures but my question is: Is there a way to enable only the 4000xx syslog messages on the PIX so the syslog server only receives those messages without getting all of the other level 4, 3, 2, and 1 messages? I kinow I can use the "no logging message syslog_id" command to disable specific ID's but there are quite a few that I would need to disable in order to only get the IDS signature ID's. Any help would be greatly appreciated.
Unfortunately, no. There is no other way to disable this signature except by excluding them with the "no logging message.." command. If there are 20 signatures that you don't want to see, then you will have 20 "no logging.." statements.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...