77-16
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter77 Configuring Logging
Configuring Logging
Sending All Syslog Messages in a Class to a Specified Output Destination
To send all syslog messages in a class to a specified output destination, enter the following command:
Enabling Secure Logging
To enable secure logging, enter the following command:
Command Purpose
logging class message_class {buffered | console |
history | mail | monitor | trap} [severity_level]
Example:
hostname(config)# logging class ha buffered alerts
Overrides the configuration in the specified output destination
command. For example, if you specify that messages at
severity level 7 should go to the internal log buffer and that ha
class messages at severity level 3 should go to the internal log
buffer, then the latter configuration takes precedence. The
buffered, history, mail, monitor, and trap keywords specify
the output destination to which syslog messages in this class
should be sent. The history keyword enables SNMP logging.
The monitor keyword enables Telnet and SSH logging. The
trap keyword enables syslog server logging. Select one
destination per command line entry. To specify that a class
should go to more than one destination, enter a new command
for each output destination.
Command Purpose
logging host interface_name syslog_ip [tcp/port |
udp/port] [format emblem] [secure]
Example:
hostname(config)# logging host inside 10.0.0.1
TCP/1500 secure
Enables secure logging.
The interface_name argument specifies the interface on which
the syslog server resides. The syslog_ip argument specifies the
IP address of the syslog server. The port argument specifies the
port (TCP or UDP) that the syslog server listens to for syslog
messages. The tcp keyword specifies that the ASA should use
TCP to send syslog messages to the syslog server. The udp
keyword specifies that the ASA should use UDP to send syslog
messages to the syslog server. The format emblem keyword
enables EMBLEM format logging for the syslog server. The
secure keyword specifies that the connection to the remote
logging host should use SSL/TLS for TCP only.
Note Secure logging does not support UDP; an error occurs
if you try to use this protocol.