77-13
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter77 Configuring Logging
Configuring Logging
Creating a Custom Event List
To create a custom event list, perform the following steps:
Command Purpose
Step1 logging list name {level level [class message_class]
| message start_id[-end_id]}
Example:
hostname(config)# logging list notif-list level 3
Specifies criteria for selecting messages to be saved
in the internal log buffer. For example, if you set the
severity level to 3, then the ASA sends syslog
messages for severity levels 3, 2, and 1.
The name argument specifies the name of the list. The
level level keyword and argument pair specify the
severity level. The class message_class keyword and
argument pair specify a particular message class. The
message start_id[-end_id] keyword and argument
pair specify an individual syslog message number or
a range of numbers.
Note Do not use the names of severity levels as the
name of a syslog message list. Prohibited
names include emergencies, alert, critical,
error, warning, notification, informational,
and debugging. Similarly, do not use the first
three characters of these words at the
beginning of an event list name. For example,
do not use an event list name that starts with
the characters err.
Step2 logging list name {level level [class message_class]
| message start_id[-end_id]}
Example:
hostname(config)# logging list notif-list message
104024-105999
hostname(config)# logging list notif-list level
critical
hostname(config)# logging list notif-list level
warning class ha
(Optional) Adds more criteria for message selection
to the list. Enter the same command as in the previous
step, specifying the name of the existing message list
and the additional criterion. Enter a new command for
each criterion that you want to add to the list. For
example, you can specify criteria for syslog messages
to be included in the list as the following:
Syslog message IDs that fall into the range of
104024 to 105999.
All syslog messages with the critical severity
level or higher (emergency, alert, or critical).
All ha class syslog messages with the warning
severity level or higher (emergency, alert,
critical, error, or warning).
Note A syslog message is logged if it satisfies any
of these conditions. If a syslog message
satisfies more than one of the conditions, the
message is logged only once.