Cisco ASA 5505 User Manual

77-21

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 77 Configuring Logging

Feature History for Logging

Secure logging

8.0(2)

Specifies that the connection to the remote logging host should use SSL/TLS.
This option is valid only if the protocol selected is TCP.

We modified the following command: logging host.

Logging class

8.0(4), 8.1(1)

Added support for the ipaa event class of logging messages.

We modified the following command: logging class.

Logging class and saved
logging buffers

8.2(1)

Added support for the dap event class of logging messages.

We modified the following command: logging class.

Added support to clear the saved logging buffers (ASDM, internal, FTP, and
flash).

We introduced the following command: clear logging queue bufferwrap.

Password encryption

8.3(1)

Added support for password encryption.

We modified the following command: logging ftp server.

Enhanced logging and
connection blocking

8.3(2)

When you configure a syslog server to use TCP, and the syslog server is
unavailable, the ASA blocks new connections that generate syslog messages
until the server becomes available again (for example, VPN, firewall, and
cut-through-proxy connections). This feature has been enhanced to also block
new connections when the logging queue on the ASA is full; connections resume
when the logging queue is cleared.

This feature was added for compliance with Common Criteria EAL4+. Unless
required, we recommended allowing connections when syslog messages cannot
be sent or received. To allow connections, continue to use the logging
permit-hostdown command.

We modified the following command: show logging.

We introduced the following syslog messages: 414005, 414006, 414007, and
414008.

Table 77-2

Feature History for Logging (continued)

Feature Name

Platform
Releases

Feature Information