I have two ASA 5510 firewalls which run in a failover setup. Today I added through ADSM a SYSlog server they both should write to.
If I check now under Configuration, Device Management, Logging Filters then for SysLog Servers the severity is being set to debugging. (Sorry ADSM is all I know). So with severity level I assume that pretty much everything is being written to the Syslog servers.
Performance and disk space wise this should not be a problem for the Syslog server but my question is that the recommended level? I mean does that even make sense to log so much data or should I change the level to something else? The only time I would probebly look into the data is when there was for example a problem at night but in the morning it is not reproducable. For example - on of the firewalls has a hickup.