Cisco 7604 Configuration Guide - Page 568
Security Contexts and Logging, Enabling and Disabling Logging
View all Cisco 7604 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 568 highlights
Configuring and Managing Syslog Messages Chapter 25 Monitoring the Firewall Services Module The FWSM syslog messages provide you with information for monitoring and troubleshooting the FWSM. Using the logging feature, you can do the following: • Specify which syslog messages should be logged. • Disable or change the severity level of a syslog message. • Specify the severity level of a syslog message by color. • Display a brief description of the syslog message as a tooltip. • Specify explanations and recommended actions for a syslog message. • Specify one or more locations to which syslog messages should be sent, including an internal buffer, one or more syslog servers, an SNMP management station, specified e-mail addresses, or Telnet and SSH sessions. • Configure and manage syslog messages in groups, such as by severity level or class of message. • Specify what happens to the contents of the internal buffer when the buffer becomes full: overwrite the buffer, send the buffer contents to an FTP server, or save the contents to internal flash memory. • Send all syslog messages, or subsets of syslog messages, to any or all output locations. • Filter which syslog messages are sent to which locations by the severity of the syslog message, the class of the syslog message, or by creating a custom log message list. Security Contexts and Logging Each security context includes its own logging configuration and generates its own messages. If you log in to the system or admin context, and then change to another context, messages you view in your session are only those that are related to the current context. Syslog messages that are generated in the system execution space, including failover messages, are viewed in the admin context along with messages generated in the admin context. You cannot configure logging or view any logging information in the system execution space. You can configure the FWSM to include the context name with each message, which helps you differentiate context messages that are sent to a single syslog server. This feature also helps you to determine which messages are from the admin context and which are from the system; messages that originate in the system execution space use a device ID of system, and messages that originate in the admin context use the name of the admin context as the device ID. For more information about enabling logging device IDs, see the "Including the Device ID in Syslog Messages" section on page 25-16. Enabling and Disabling Logging This section describes how to enable and disable logging on the FWSM. It includes the following topics: • Enabling Logging to All Configured Output Destinations, page 25-2 • Disabling Logging to All Configured Output Destinations, page 25-3 • Viewing the Log Configuration, page 25-3 Enabling Logging to All Configured Output Destinations The following command enables logging; however, you must also specify at least one output destination so that you can view or save the logged messages. If you do not specify an output destination, the FWSM does not save syslog messages that are generated when events occur. 25-2 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01