Cisco Systems CL-28826-01 Configuring Syslog Server Setup

52-15

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter52 Configuring Logging Policies on Firewall Devices

Configuring Syslog Server Setup

Configuring Syslog Server Setup

You can configure general syslog server settings to set the facility code to be included in syslog messages

that are sent to syslog servers, specify whether a timestamp is included in each message, specify the

device ID to include in messages, view and modify the severity levels for messages, and disable the

generation of specific messages.

Related Topics

•Defining Syslog Servers, page 52-20

Step 1 Do one of the following:

•(Device v iew) Select Platform > Logging > Syslog > Server Setup to open the Server Setup Page,

page 52-16.

•(Policy view) Select PIX/ASA/FWSM Platform > Logging > Syslog > Server Setup from the

Policy Type selector. Select an existing policy or create a new one.

Step 2 Change the basic message configuration as required:

•If your syslog server expects a different facility than the default, select the required facility in the

Facility list.

•If you want to include the date and time a message was generated in the message, select Enable

Timestamp on Each Syslog Message.

•If you want to add a device identifier to syslog messages (which is placed at the beginning of the

message), select Enable Syslog Device ID and then select the type of ID:

Note For an ASA cluster, each unit in the cluster generates its own syslog messages. You can

configure logging so that each unit uses either the same or a different device ID in the

syslog message header field. For example, the hostname configuration is replicated and

shared by all units in the cluster. If you configure logging to use the hostname as the

device ID, syslog messages generated by all units look as if they come from a single

unit. If you configure logging to use the local-unit name that is assigned in the cluster

bootstrap configuration as the device ID (Cluster ID option), syslog messages look as if

they come from different units. You can also specify whether or not the interface IP

address of the cluster Master should be used for all cluster devices.

–

Interface—To use the IP address of the specified interface, regardless of the interface through

which the appliance sends the message. Click Select to select the interface or the interface role

that identifies the interface. Interface roles must map to a single interface.

For ASA clusters, to specify that the interface IP address of the cluster Master should be used

for all cluster devices, select the corresponding option under the Interface Name field.

–

User Defined ID—To use a text string (up to 16 characters) of your choosing.

–

Host Name—To use the hostname of the device.

–

Cluster ID—To use the unique name in the boot configuration of an individual ASA unit in the

cluster as the device ID.

Step 3 Use the Syslog Message table to alter the default settings for specific syslog messages. You need to

configure rules in this table only if you want to change the default settings. You can change the severity

assigned to a message, or you can suppress (disable) the generation of a message.