ASA 5510 - SysLog Server Logging Filter

Hello,

I have two ASA 5510 firewalls which run in a failover setup. Today I added, through ASDM, a syslog server they both should write to.

If I now check under Configuration, Device Management, Logging Filters, then for Syslog Servers the severity is being set to debugging. (Sorry, ASDM is all I know.) So with that severity level I assume that pretty much everything is being written to the syslog servers.
Performance and disk space wise this should not be a problem for the syslog server, but my question is: is that the recommended level? I mean, does it even make sense to log so much data, or should I change the level to something else? The only time I would probably look into the data is when there was, for example, a problem at night but in the morning it is not reproducible. For example, one of the firewalls has a hiccup.

Thank you
Marcus
Mc2102 Asked:
neuromancerxyz Commented:
1. Performance and disk space wise this should not be a problem for the Syslog server but my question is that the recommended level?
>> Well Yes/No
Yes, if you are really looking for all logs when you have a problem, as you said, at night. But there will be too much for you to filter.
No: this is where I can recommend using "Alert", which will give you the info that you require to log.

I mean does that even make sense to log so much data or should I change the level to something else?
Change the level as per your requirement. I prefer "ALERT".

Hope this helps
0
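One way to choose the filter level from data rather than by feel, as an added example that is not part of the original thread: this Python script tallies ASA messages by the severity digit in their `%ASA-<severity>-<id>` tag and reports how many would be forwarded at each filter level (a level forwards that severity and everything more severe). The sample log lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# ASA severity keywords, indexed by severity number (0 = most severe).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
# Each ASA message carries a tag of the form %ASA-<severity>-<message id>.
ASA_TAG = re.compile(r"%ASA-([0-7])-\d{6}")

# Constructed sample of what a syslog server might collect at "debugging".
SAMPLE = """\
Dec 16 02:11:03 fw1 %ASA-1-105005: (Primary) Lost Failover communications with mate on interface inside
Dec 16 02:11:04 fw2 %ASA-1-104001: (Secondary) Switching to ACTIVE - Other unit failed
Dec 16 02:11:05 fw2 %ASA-3-710003: TCP access denied by ACL from 198.51.100.7/4312 to outside:192.0.2.1/22
Dec 16 02:11:06 fw2 %ASA-4-106023: Deny tcp src outside:198.51.100.7/4313 dst inside:192.0.2.10/445
Dec 16 02:11:07 fw2 %ASA-4-106023: Deny udp src outside:198.51.100.9/53 dst inside:192.0.2.10/161
Dec 16 02:11:08 fw2 %ASA-5-111008: User 'admin' executed the 'write memory' command.
Dec 16 02:11:09 fw2 %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.20/80
Dec 16 02:11:10 fw2 %ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.20/80
Dec 16 02:11:11 fw2 %ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.21/443
Dec 16 02:11:12 fw2 %ASA-7-609001: Built local-host inside:192.0.2.10
Dec 16 02:11:13 fw2 %ASA-7-609002: Teardown local-host inside:192.0.2.10 duration 0:00:01
Dec 16 02:11:14 loghost syslogd: restart
"""


def severity_counts(lines):
    """Count messages per severity number, skipping lines without an ASA tag."""
    counts = Counter()
    for line in lines:
        m = ASA_TAG.search(line)
        if m:
            counts[int(m.group(1))] += 1
    return counts


def report(lines):
    """Rows of (level, keyword, forwarded, dropped) for each filter level."""
    counts = severity_counts(lines)
    total = sum(counts.values())
    kept = lambda lvl: sum(n for sev, n in counts.items() if sev <= lvl)
    return [(lvl, name, kept(lvl), total - kept(lvl))
            for lvl, name in enumerate(SEVERITIES)]


if __name__ == "__main__":
    for lvl, name, fwd, dropped in report(SAMPLE.splitlines()):
        print(f"{lvl} {name:<14} forwarded={fwd:>2} dropped={dropped:>2}")
```

Running it over a day of real logs collected at "debugging" shows which message classes each lower level would stop sending before the filter is changed.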
 
Mc2102Author Commented:
Hello Neuromancerxyz,

That is actually exactly the kind of information I was looking for.

Thank you
Marcus
0
Question has a verified solution.
