Cisco Systems ISA550 Configuring Log Settings

Device Management

Log Managem ent

Cisco ISA500 Series Integrated Security Appliances Administration Guide 444

Configuring Log Settings

Use the Log Settings page to enable the Log feature and configure the log

settings. You can set the log buffer size, log all unicast traffic or broadcast traffic

destined to your device for troubleshooting purposes, specify which syslogs to be

mailed to a specified email address on schedule, and set the severity level of the

events that are logged. If you have a remote syslog server support, you can save

logs to the remote syslog server.

STEP 1 Click Devic e Management > Logs > Log Settings.

STEP 2 In the Log Settings area, enter the following information:

•Log: Click On to enable the Log feature, or click Off to disable it.

•Log Buffer: If you enable the Log feature, specify the size for the local log

buffer. The default value is 409600 bytes.

NOTE: After you enable the Log feature and set the log buffer size, specify

the severity level of the events that you want to log. These logs will be saved

to the local log daemon. See Step 7.

STEP 3 In the System Logs area, if you want to monitor the security appliance with more

traffic data, you can choose to log all unicast traffic and/or all broadcast or

multicast traffic directed to your security appliance for troubleshooting purposes.

The logs for unicast traffic and broadcast or multicast traffic are at the Information

severity level.

•Unicast Traffic: Click On to log all unicast packets directed to the security

appliance. Unicast traffic for all facilities will be logged, regardless of internal

or external traffic.

•Broadcast/Multicast Traffic: Click On to log all broadcast or multicast

packets directed to the security appliance. Broadcast or multicast traffic for

all facilities will be logged, regardless of internal or external traffic.

If both are unselected, the security appliance only logs the events based on

your facility settings. The log facilities are used to log some interest events,

such as wireless clients are associated, packets are blocked by firewall

rules, viruses are detected by the Anti-Virus service, and so forth.

STEP 4 In the Email Ser ver area, specify which syslogs to be mailed to a specified email

address on schedule.

•Email Alert: Shows if the Syslog Email feature is enabled or disabled.

•From Email Address: The email address used to send the logs.