CHAPT ER
77-1
Cisco ASA 5500 Series Configuration Guide using the CLI
77
Configuring Logging
This chapter describes how to configure and manage logs for the ASA and includes the following
sections:
Information About Logging, page77-1
Licensing Requirements for Logging, page77-5
Prerequisites for Logging, page 77-5
Guidelines and Limitations, page77-5
Configuring Logging, page77-6
Monitoring the Logs, page77-19
Configuration Examples for Logging, page77-20
Feature History for Logging, page 77-20

Information About Logging

System logging is a method of collecting messages from devices to a server running a syslog daemon.
Logging to a central syslog server helps in aggregation of logs and alerts. Cisco devices can send their
log messages to a UNIX-style syslog service. A syslog service accepts messages and stores them in files,
or prints them according to a simple configuration file. This form of logging provides protected
long-term storage for logs. Logs are useful both in routine troubleshooting and in incident handling.
The ASA system logs provide you with information for monitoring and troubleshooting the ASA. With
the logging feature, you can do the following:
Specify which syslog messages should be logged.
Disable or change the severity level of a syslog message.
Specify one or more locations where syslog messages should be sent, including an internal buffer,
one or more syslog servers, ASDM, an SNMP management station, specified e-mail addresses, or
to Telnet and SSH sessions.
Configure and manage syslog messages in groups, such as by severity level or class of message.
Specify whether or not a rate-limit is applied to syslog generation.
Specify what happens to the contents of the internal log buffer when it becomes full: overwrite the
buffer, send the buffer contents to an FTP server, or save the contents to internal flash memory.
Filter syslog messages by locations, severity level, class, or a custom message list.