Message classes and range of syslog ids, Filtering syslog messages, Using custom message lists – Cisco ASA 5505 User Manual
Page 1746
77-4
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 77 Configuring Logging
Information About Logging
Message Classes and Range of Syslog IDs
For a list of syslog message classes and the ranges of syslog message IDs that are associated with each
class, see the syslog message guide.
Filtering Syslog Messages
You can filter generated syslog messages so that only certain syslog messages are sent to a particular
output destination. For example, you could configure the ASA to send all syslog messages to one output
destination and to send a subset of those syslog messages to a different output destination.
Specifically, you can configure the ASA so that syslog messages are directed to an output destination
according to the following criteria:
•
Syslog message ID number
•
Syslog message severity level
•
Syslog message class (equivalent to a functional area of the ASA)
You customize these criteria by creating a message list that you can specify when you set the output
destination. Alternatively, you can configure the ASA to send a particular message class to each type of
output destination independently of the message list.
You can use syslog message classes in two ways:
•
Specify an output location for an entire category of syslog messages using the logging class
command.
•
Create a message list that specifies the message class using the logging list command.
The syslog message class provides a method of categorizing syslog messages by type, equivalent to a
feature or function of the ASA. For example, the vpnc class denotes the VPN client.
All syslog messages in a particular class share the same initial three digits in their syslog message ID
numbers. For example, all syslog message IDs that begin with the digits 611 are associated with the vpnc
(VPN client) class. Syslog messages associated with the VPN client feature range from 611101 to
611323.
In addition, most of the ISAKMP syslog messages have a common set of prepended objects to help
identify the tunnel. These objects precede the descriptive text of a syslog message when available. If the
object is not known at the time that the syslog message is generated, the specific heading = value
combination does not appear.
The objects are prefixed as follows:
Group = groupname, Username = user, IP = IP_address
Where the group is the tunnel-group, the username is the username from the local database or AAA
server, and the IP address is the public IP address of the remote access client or L2L peer.
Using Custom Message Lists
Creating a custom message list is a flexible way to exercise control over which syslog messages are sent
to which output destination. In a custom syslog message list, you specify groups of syslog messages
using any or all of the following criteria: severity level, message IDs, ranges of syslog message IDs, or
message class.
For example, you can use message lists to do the following: