I have two ASA 5510 firewalls which run in a failover setup. Today I added through ADSM a SYSlog server they both should write to.
If I check now under Configuration, Device Management, Logging Filters then for SysLog Servers the severity is being set to debugging. (Sorry ADSM is all I know). So with severity level I assume that pretty much everything is being written to the Syslog servers.
Performance and disk space wise this should not be a problem for the Syslog server but my question is that the recommended level? I mean does that even make sense to log so much data or should I change the level to something else? The only time I would probebly look into the data is when there was for example a problem at night but in the morning it is not reproducable. For example - on of the firewalls has a hickup.
”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
-Mike Kapnisakis, Warner Bros
With your subscription - you'll gain access to our exclusive IT community of thousands of IT pros. You'll also be able to connect with highly specified Experts to get personalized solutions to your troubleshooting & research questions. It’s like crowd-sourced consulting.
We can't always guarantee that the perfect solution to your specific problem will be waiting for you. If you ask your own question - our Certified Experts will team up with you to help you get the answers you need.
Our certified Experts are CTOs, CISOs, and Technical Architects who answer questions, write articles, and produce videos on Experts Exchange. 99% of them have full time tech jobs - they volunteer their time to help other people in the technology industry learn and succeed.
We can't guarantee quick solutions - Experts Exchange isn't a help desk. We're a community of IT professionals committed to sharing knowledge. Our experts volunteer their time to help other people in the technology industry learn and succeed.