Configure syslog rate limits

Limit the rate at which syslog messages are generated, reducing log flooding and ensuring that important messages are not lost.

Syslog message generation can overwhelm logging systems if not managed properly. Configure rate limits for severity levels or specific message IDs to ensure efficient log management. When limits set for severity level and message ID conflict, the message ID limit takes precedence.

Tip	If you are configuring devices to send syslog messages about security events (such as connection and intrusion events), most Firewall Threat Defense platform settings do not apply to these messages. See Firewall Threat Defense platform settings that apply to security event syslog messages.

Procedure

Step 1	Choose Devices > Platform Settings and create or edit the Firewall Threat Defense policy.
Step 2	Select Syslog > Rate Limit.
Step 3	To limit message generation by severity level, click Logging Level > Add, then configure these options: Logging Level—Specify the severity level for the rate limit. For information on the levels, see Syslog message severity levels. Number of messages—The maximum number of messages of the specified type allowed in the specified time period. Interval—The number of seconds before the rate limit counter resets.
Step 4	Click OK.
Step 5	To limit message generation by syslog message ID, click Syslog Level > Add, then configure these options: Syslog ID—Specify the syslog message ID to be rate limited. For specific message numbers, see Cisco ASA Series Syslog Messages. Number of messages—Enter the maximum number of messages allowed in the specified interval. Interval—Set the interval (in seconds) for the rate limit counter to reset.
Step 6	Click OK.
Step 7	Click Save. You can now go to Deploy > Deploy and deploy the policy to assigned devices. The changes are not active until you deploy them.

Syslog message generation is limited based on configured severity levels or message IDs, preventing excessive log messages and supporting efficient log management.