Syslog messages
A syslog message is a log event that

- collects messages from devices to a server running a syslog daemon
- enables aggregation of logs and alerts for centralized management, and
- provides protected long-term storage for logs, supporting troubleshooting and incident handling.
System log configuration details
Devices can send their log messages to a UNIX-style syslog service. A syslog service accepts messages and either stores them in files or prints them, based on a simple configuration file.
| Logs related to | Details | Configure in |
|---|---|---|
| Device and system health, network configuration | This syslog configuration generates messages for features running on the data plane, that is, features that are defined in the CLI configuration that you can view with the show running-config command. This includes features such as routing, VPN, data interfaces, DHCP server, NAT, and so forth. Data plane syslog messages are numbered, and they are the same as those generated by devices running ASA software. However, Secure Firewall Threat Defense does not necessarily generate every message type that is available for ASA Software. For information on these messages, see Cisco Secure Firewall Threat Defense syslog messages at https://www.cisco.com/c/en/us/td/docs/security/firepower/Syslogs/b_fptd_syslog_guide.html. This configuration is explained in these topics. | Platform settings |
| Security events | This syslog configuration generates alerts for file and malware, connection, Security Intelligence, and intrusion events. | Platform settings and the Logging in an access control policy |
| (All devices) Policies, rules, and events | This syslog configuration generates alerts for access control rules, intrusion rules, and other advanced services as described in External alert types. These messages are not numbered. For information on configuring this type of syslog, see Create a syslog alert response. | Alert responses and the Logging in an access control policy |
You can set up multiple syslog servers and control the messages and events sent to each server. You can also configure varied destinations, such as console, email, or internal buffer.
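
On the receiving server, the numbered data plane messages can be separated from the unnumbered alert-response messages described in the table. The following is an added example, not Cisco code: it assumes the ASA-style tag `%FTD-<severity>-<message number>:` and a leading `<PRI>` field, and every sample line is constructed.

```python
import re
from collections import Counter

# PRI per RFC 3164/5424: <facility * 8 + severity> at the start of the line.
PRI_RE = re.compile(r"^<(\d{1,3})>")
# Assumed ASA-style tag for numbered data plane messages.
TAG_RE = re.compile(r"%(FTD|ASA)-([0-7])-(\d{6}):\s*")
SEVERITIES = ["emergency", "alert", "critical", "error",
              "warning", "notice", "informational", "debug"]

def parse_line(line):
    """Decode the PRI field and, when present, the numbered message tag."""
    rec = {"facility": None, "severity": None, "numbered": False,
           "product": None, "message_id": None}
    rest = line.strip()
    m = PRI_RE.match(rest)
    if m and int(m.group(1)) <= 191:      # 191 = facility 23, severity 7
        rec["facility"], pri_sev = divmod(int(m.group(1)), 8)
        rec["severity"] = SEVERITIES[pri_sev]
        rest = rest[m.end():]
    t = TAG_RE.search(rest)
    if t:                                 # the tag's severity overrides the PRI's
        rec.update(numbered=True, product=t.group(1),
                   severity=SEVERITIES[int(t.group(2))],
                   message_id=t.group(3))
        rest = rest[t.end():]
    rec["text"] = rest
    return rec

def triage(lines):
    """Count messages per message number; unnumbered lines share one bucket."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        counts[rec["message_id"] if rec["numbered"] else "unnumbered"] += 1
    return dict(counts)

# Constructed sample input (hostnames, addresses and alert text are invented).
SAMPLE = [
    "<166>Mar 01 10:00:00 ftd01 %FTD-6-302013: Built inbound TCP connection 1 for outside:192.0.2.10/51000 (192.0.2.10/51000) to inside:198.51.100.5/443 (198.51.100.5/443)",
    '<164>Mar 01 10:00:01 ftd01 %FTD-4-106023: Deny tcp src outside:192.0.2.10/51001 dst inside:198.51.100.5/22 by access-group "outside_in"',
    "<113>Mar 01 10:00:02 mgmt01 constructed-alert: access control rule matched",
    "<999>line with an out-of-range PRI",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(parse_line(entry))
    print(triage(SAMPLE))
```

Lines with a missing or out-of-range PRI are kept in the unnumbered bucket rather than dropped, so malformed input stays visible to the analyst.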