Mc2102
asked on
ASA 5510 - SysLog Server Logging Filter
Hello,
I have two ASA 5510 firewalls which run in a failover setup. Today I added through ADSM a SYSlog server they both should write to.
If I check now under Configuration, Device Management, Logging Filters then for SysLog Servers the severity is being set to debugging. (Sorry ADSM is all I know). So with severity level I assume that pretty much everything is being written to the Syslog servers.
Performance and disk space wise this should not be a problem for the Syslog server but my question is that the recommended level? I mean does that even make sense to log so much data or should I change the level to something else? The only time I would probebly look into the data is when there was for example a problem at night but in the morning it is not reproducable. For example - on of the firewalls has a hickup.
Thank you
Marcus
12-16-2009-3-01-39-PM.png
I have two ASA 5510 firewalls which run in a failover setup. Today I added through ADSM a SYSlog server they both should write to.
If I check now under Configuration, Device Management, Logging Filters then for SysLog Servers the severity is being set to debugging. (Sorry ADSM is all I know). So with severity level I assume that pretty much everything is being written to the Syslog servers.
Performance and disk space wise this should not be a problem for the Syslog server but my question is that the recommended level? I mean does that even make sense to log so much data or should I change the level to something else? The only time I would probebly look into the data is when there was for example a problem at night but in the morning it is not reproducable. For example - on of the firewalls has a hickup.
Thank you
Marcus
12-16-2009-3-01-39-PM.png
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
That is actullay exactly the kind of information I was looking for.
Thank you
Marcus