Cisco Support Community
Community Member

Suppressing logs

In order to block specific outgoing access on a PIX I am doing the following:

access-list acl_in deny tcp any host eq 80

access-list acl_in permit ip any any

access-group acl_in in interface inside

The above does successfully block my inside users trying to access a specific site/port. The problem is that each time an access is blocked there is a log in the syslog. I am not interested to see logs of these blocks (it is cluttering my syslog and I am not able to see the logs that I am really interested to see).

If this was a router with Cisco IOS then specifying (or actually NOT specifying) the "log" option at the end of the access-list definition would have sufficed. But on a PIX there is no "log" option for the access-lists. It logs everything :-(

So, my question is: Is it possible to suppress the log of a successfully executed access-list and blocked traffic?

Thanks in advance,


Cisco Employee

Re: Suppressing logs

Sure. Do:

> no logging message xxxxxxx

where xxxxxxx is the number at the start of the syslog message (something like 106023 probably).

You can enter as many of these commands as you like to stop particular messages from being logged.

Community Member

Re: Suppressing logs


Thanks for the suggestion. It is almost perfect.

You see, apart from restricting access to outside world, I also have these incoming restrictions access-list, as:

access-list incoming_acl permit tcp X.X.X.X eq smtp

access-list incoming_acl permit tcp Y.Y.Y.Y eq nnn

access-group incoming_acl in interface outside

If an unauthorized connection from the outside (like attempt to ftp to X.X.X.X or port scan) comes in, the access-list does successfully block the connection and it logs as syslog message 106023 as well. And these are logs that I DO like to see in the syslog.

So if I disable logging of 106023 messages I actually disable all (incoming/outgoing) logs. Is there a better way?
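
Added example, not part of the original thread or Cisco's own code: a filter run on the syslog collector that drops 106023 denies produced by acl_in and keeps those produced by incoming_acl, so message 106023 can stay enabled on the PIX. It assumes the 106023 message ends with the access-group name in the layout shown in the first comment; the sample log lines are constructed.

```python
import re

# Assumed 106023 layout (the thread does not quote a message):
#   %PIX-4-106023: Deny tcp src inside:10.1.1.5/1045 dst outside:192.0.2.10/80 by access-group "acl_in"
DENY_106023 = re.compile(
    r'%PIX-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src>\S+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst>\S+)'
    r'.*? by access-group "?(?P<acl>[^"\s]+)"?'
)

# ACL names from the thread: acl_in denies are noise, incoming_acl denies are wanted.
SUPPRESSED_ACLS = frozenset({"acl_in"})


def keep(line, suppressed=SUPPRESSED_ACLS):
    """Return True when the line should stay in the log."""
    m = DENY_106023.search(line)
    if m is None:
        # Other message IDs and truncated lines are kept: never drop
        # something the filter could not classify.
        return True
    return m.group("acl") not in suppressed


def filter_log(lines, suppressed=SUPPRESSED_ACLS):
    """Drop 106023 denies produced by the suppressed ACLs, keep the rest."""
    return [line for line in lines if keep(line, suppressed)]


# Constructed sample lines (documentation addresses), not captured from a real PIX.
SAMPLE = [
    'Mar 01 10:00:01 pix %PIX-4-106023: Deny tcp src inside:10.1.1.5/1045 '
    'dst outside:192.0.2.10/80 by access-group "acl_in"',
    'Mar 01 10:00:02 pix %PIX-4-106023: Deny tcp src outside:198.51.100.7/4021 '
    'dst inside:203.0.113.5/21 by access-group "incoming_acl"',
    "Mar 01 10:00:03 pix %PIX-5-111008: User 'enable_15' executed the 'write memory' command.",
    # Truncated 106023 line: no access-group field, so it is kept.
    'Mar 01 10:00:04 pix %PIX-4-106023: Deny tcp src outside:198.51.100.7/4022 '
    'dst inside:203.0.113.5/23',
]

if __name__ == "__main__":
    for line in filter_log(SAMPLE):
        print(line)
```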

