I might be trying to do the impossible here, but I am trying to get my ASA 8.2(1) to send certain syslog messages to one host and other messages to another host.
By default we are using facility 23 as our logging facility. Logging trap is set to informational and there are 2 hosts that I am logging to. Both host are receiving all the informational messages that are being sent. One of the hosts is being overwelmed by the amount of traffic. This host only needs to receive the syslog message 111008, and no others. I have been trying to figure out how to send only this one message to the host, but syslog seems to be an all or nothing proposition. Any ideas? Regardless of what I come up with, it always seems that all hosts receive whatever I configure. I can't seem to define syslog traffic on a per target basis.
Re: discriminate between syslog messages -> targets
You are right. You can't define 2 syslog servers to send 2 different list of syslog messages. However, you can define seperate list of syslog messages, and send 1 list to syslog server, and send another list to buffer for example.
Here is the example for your reference:
logging list 111008-list message 111008
logging list the-rest-list message 101001-111007 logging list the-rest-list message 111009-742010
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...