52-16
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 52 Configuring Logging Policies on Firewall Devices
Configuring Syslog Server Setup
To add a rule, click the Add Row button and fill in the Add/Edit Syslog Message dialog box
(see Add/Edit Syslog Message Dialog Box, page 52-19).
You select the message number whose configuration you want to change, and then select the new
severity level, or select Suppressed to disable the generation of the message. Typically, you would
not change the severity level and disable the message, but you can make changes to both fields if
desired. Click OK to add the rule to the table.
For a description of message severity levels, see Logging Levels, page 52-18.
To edit a rule, select it and click the Edit Row button, make the desired changes, and click OK.
To delete a rule, select it and click the Delete Row button.
If you are using NetFlow, you can easily disable the generation of syslog messages that have
NetFlow equivalents by clicking the Disable NetFlow Equivalent Syslogs button. This adds the
messages to the table as suppressed messages. Note that if any of these syslog equivalents are
already in the table, your existing rules are not overwritten.
Server Setup Page
The Server Setup page allows you to set the facility code to be included in syslog messages that are sent
to syslog servers, specify whether a timestamp is included in each message, specify the device ID to
include in messages, view and modify the severity levels for messages, and disable the generation of
specific messages.
Navigation Path
(Device view) Select Platform > Logging > Syslog > Server Setup from the Device Policy selector.
(Policy view) Select PIX/ASA/FWSM Platform > Logging > Syslog > Server Setup from the
Policy Type selector. Select an existing policy or create a new one.
Related Topics
Configuring Syslog Server Setup, page 52-15
Defining Syslog Servers, page 52-20
Chapter 52, “Configuring Logging Policies on Firewall Devices”
Logging Levels, page 52-18
Field Reference
Table 52-14 Server Setup Page

Element: Facility
Description: The syslog facility code that the appliance includes in messages
destined for syslog servers. The default is LOCAL4(20), which is what
most UNIX systems expect. You can select a facility between
LOCAL0(16) and LOCAL7(23).
Syslog facility is useful when you have a central syslog monitoring
system that needs to distinguish among the various network devices
that generate syslog data streams. Because your network devices share
the eight available facilities, you might need to change this value.
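The following Python sketch is an added example, not part of the Cisco guide. It shows how a central collector can recover the facility set on this page from the standard syslog priority header (PRI = facility * 8 + severity) and group messages by it. The sample lines are constructed, and the check that the PRI severity equals the severity digit in the %ASA- tag is an assumption about how the device formats messages.

```python
import re
from collections import Counter

# Standard syslog priority header: PRI = facility * 8 + severity
PRI_RE = re.compile(r"^<(\d{1,3})>")
# Severity digit and message number in the device tag, e.g. %ASA-6-302013
TAG_RE = re.compile(r"%(?:ASA|PIX|FWSM)-(\d)-(\d{6})")
LOCAL_MIN, LOCAL_MAX = 16, 23  # LOCAL0(16) .. LOCAL7(23), the range the Facility field offers


def decode(line):
    """Return facility, severity and message number, or None without a valid PRI."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = 23 * 8 + 7, the largest valid PRI
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    in_range = LOCAL_MIN <= facility <= LOCAL_MAX
    tag = TAG_RE.search(line)
    return {
        "facility": facility,
        "facility_name": f"LOCAL{facility - LOCAL_MIN}" if in_range else None,
        "severity": severity,
        "msg_id": tag.group(2) if tag else None,
        # Assumption: PRI severity should equal the severity digit in the tag
        "severity_mismatch": bool(tag) and int(tag.group(1)) != severity,
    }


def summarize(lines):
    """Count messages per LOCALn facility; other facilities count as 'unexpected'."""
    counts = Counter()
    for line in lines:
        rec = decode(line)
        if rec is None:
            counts["unparsed"] += 1
        else:
            counts[rec["facility_name"] or "unexpected"] += 1
    return dict(counts)


# Constructed sample input, not captured from a real device
SAMPLE = [
    "<166>%ASA-6-302013: Built outbound TCP connection (constructed)",  # LOCAL4, sev 6
    "<164>%ASA-4-106023: Deny tcp src inside (constructed)",            # LOCAL4, sev 4
    "<134>%ASA-6-302013: Built inbound TCP connection (constructed)",   # LOCAL0, sev 6
    "<14>host app: user-level message (constructed)",                   # facility 1
    "line without a priority header (constructed)",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A message that claims to come from a firewall but decodes to a facility outside LOCAL0 through LOCAL7, or whose PRI severity disagrees with its tag, is worth a closer look at the collector.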