Cisco 7604 Configuration Guide - Page 580
Filtering Syslog Messages with Custom Message Lists, level, class, message
View all Cisco 7604 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 580 highlights
Configuring and Managing Syslog Messages Chapter 25 Monitoring the Firewall Services Module Filtering Syslog Messages with Custom Message Lists Creating a custom message list is a flexible way to exercise fine control over which syslog messages are sent to which output destination. In a custom syslog message list, you specify groups of syslog messages using any or all of the following criteria: severity level, message IDs, ranges of syslog message IDs, or message class. For example, you can use message lists to: • Select syslog messages with severity levels of 1 and 2 and send them to one or more e-mail addresses. • Select all syslog messages associated with a message class (such as "ha") and save them to the internal buffer. A message list can include multiple criteria for selecting messages. However, you must add each message selection criterion with a new command entry. You can create a message list containing overlapping message selection criteria. If two criteria in a message list select the same message, the message is logged only once. To create a customized list that the FWSM can use to select messages to be saved in the log buffer, perform the following steps: Step 1 Step 2 Create a message list containing criteria for selecting messages by entering the following command: hostname(config)# logging list name {level level [class message_class] | message start_id[-end_id]} Where the name argument specifies the name of the list. Do not use the names of severity levels as the name of a syslog message list. Prohibited names include "emergency," "alert," "critical," "error," "warning," "notification," "informational," and "debugging." Similarly, do not use the first three characters of these words at the beginning of a filename. For example, do not use a filename that starts with the characters "err." The level level argument specifies the severity level. You can specify the severity level number (0 through 7) or name. For severity level names, see the "Severity Levels" section on page 25-20. For example, if you set the severity level to 3, then the FWSM sends syslog messages for severity levels 3, 2, 1, and 0. The class message_class argument specifies a particular message class. For a list of class names, see Table 25-1 on page 25-13. The message start_id[-end_id] argument specifies an individual syslog message ID number or a range of numbers. The following example creates a message list named notif-list that specifies messages with a severity level of 3 or higher should be saved in the log buffer: hostname(config)# logging list notif-list level 3 (Optional) If you want to add more criteria for message selection to the list, enter the same command as in the previous step specifying the name of the existing message list and the additional criterion. Enter a new command for each criterion you want to add to the list. The following example adds criteria to the message list: a range of message ID numbers, and the message class ha (high availability or failover). hostname(config)# logging list notif-list 104024-105999 hostname(config)# logging list notif-list level critical hostname(config)# logging list notif-list level warning class ha 25-14 Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM OL-20748-01