Configure System Logging

System logging is a method of collecting messages from devices on a server running a syslog daemon. Logging to a central syslog server helps aggregate logs and alerts. Cisco devices can send their log messages to a UNIX-style syslog service. A syslog service accepts messages and stores them in files, or prints them according to a simple configuration file. This form of logging provides protected long-term storage for logs. Logs are useful both in routine troubleshooting and in incident handling.

Security Levels

The following table lists the syslog message severity levels.

Syslog Message Severity Levels

| Level Number | Security Level | Description |
|--------------|----------------|-------------|
| 0 | emergencies | System is unusable. |
| 1 | alert | Immediate action is needed. |
| 2 | critical | Critical conditions. |
| 3 | error | Error conditions. |
| 4 | warning | Warning conditions. |
| 5 | notification | Normal but significant conditions. |
| 6 | informational | Informational messages only. |
| 7 | debugging | Debugging messages only. Log at this level only temporarily, when debugging issues. This log level can potentially generate so many messages that system performance can be affected. |

Note

ASA does not generate syslog messages with a severity level of zero (emergencies).

Procedure


Step 1

In the edit ASA system settings page, click Syslog in the left pane.

Step 2

Uncheck the Retain existing values checkbox to configure the values for the shared ASA system settings policy.

Important

If the Retain existing values checkbox is selected, you can't configure the values because the fields are hidden. Security Cloud Control uses the existing local values of the ASA device for this setting and doesn't inherit from the shared policy.

Step 3

Configure the following:

  • Logging Enabled: Enable secure logging.

  • Timestamp Enabled: Enable to include the date and time in syslog messages.

  • Permit host down: (Optional) Disables the feature that blocks new connections when a TCP-connected syslog server is down.

  • Buffer Size: Specify the size of the internal log buffer. The allowed range is 4096 to 1048576 bytes.

  • Buffered Logging Level: Specify which syslog messages should be sent to the internal log buffer, which serves as a temporary storage location.

  • Console Logging Level: Specify which syslog messages should be sent to the console port.

  • Trap Logging Level: Specify which syslog messages should be sent to the syslog server.

Step 4

Click to add Syslog server details.

  • Interface Name: Specify the interface name on which the syslog server resides. Ensure the interface name specified here is the same on the ASA devices associated with this shared system settings policy.

  • IP Version: Select the IP address version you want to use.

  • IP Address: Specify the IP address of the syslog server.

  • Protocol: Choose the protocol (TCP or UDP) the ASA should use to send syslog messages to the syslog server.

    • Port: Specify the port that the syslog server listens to for syslog messages. The allowed TCP port range is 1 to 65535, and the UDP port range is 1025 to 65535.

    • Log messages in Cisco EMBLEM format (UDP only): Enables EMBLEM format logging for the syslog server with UDP only.

    • Enable secure syslog using SSL?: Specifies that the connection to the remote logging host should use SSL/TLS for TCP only.

  • Reference Identity: Specify the reference identity type to enable RFC 6125 reference identity checks on the certificate based on the previously configured reference identity object. See Configure Reference Identities for details on the reference identity object.

Note

To remove a Syslog server, you can click the delete icon under Actions.

Step 5

Click Save.
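
The limits given in Steps 3 and 4 can be checked before a policy is saved. The following Python script is an added example, not part of Security Cloud Control or any Cisco tooling; the dictionary field names, the sample addresses and the reference identity name are assumptions constructed for illustration.

```python
# Added example: field names are assumptions; limits are those stated in Steps 3-4.
SEVERITY = ["emergencies", "alert", "critical", "error", "warning",
            "notification", "informational", "debugging"]  # index = level number
PORT_MIN = {"tcp": 1, "udp": 1025}  # lowest allowed port per protocol

def check_policy(p):
    """Return a sorted list of (kind, message) findings; kind is 'error' or 'warn'."""
    out = []
    if not 4096 <= p["buffer_size"] <= 1048576:
        out.append(("error", "buffer_size: allowed range is 4096-1048576 bytes"))
    for key in ("buffered_level", "console_level", "trap_level"):
        if p[key] not in SEVERITY:
            out.append(("error", f"{key}: unknown level {p[key]!r}"))
        elif p[key] == "debugging":
            out.append(("warn", f"{key}: use debugging only temporarily"))
    for s in p["servers"]:
        ip, proto = s["ip"], s["protocol"]
        if proto not in PORT_MIN:
            out.append(("error", f"{ip}: protocol must be tcp or udp"))
            continue
        if not PORT_MIN[proto] <= s["port"] <= 65535:
            out.append(("error", f"{ip}: {proto} port must be {PORT_MIN[proto]}-65535"))
        if s.get("emblem") and proto != "udp":
            out.append(("error", f"{ip}: EMBLEM format is UDP only"))
        if s.get("secure"):
            if proto != "tcp":
                out.append(("error", f"{ip}: SSL/TLS is TCP only"))
            elif not s.get("reference_identity"):
                out.append(("warn", f"{ip}: no reference identity, RFC 6125 checks not enabled"))
        else:
            out.append(("warn", f"{ip}: syslog is sent without SSL/TLS"))
    return sorted(out)

# Constructed sample policy (documentation-range addresses, hypothetical names).
SAMPLE = {
    "buffer_size": 2048, "buffered_level": "informational",
    "console_level": "critical", "trap_level": "debugging",
    "servers": [
        {"ip": "192.0.2.10", "protocol": "udp", "port": 514, "secure": True},
        {"ip": "192.0.2.20", "protocol": "tcp", "port": 6514, "secure": True,
         "reference_identity": "syslog-ref-id"},
    ],
}

if __name__ == "__main__":
    for kind, msg in check_policy(SAMPLE):
        print(f"{kind.upper():5} {msg}")
```

Errors are combinations the procedure does not allow; warnings are settings that are accepted but weaken the confidentiality or integrity of the log stream, or that should not be left in place.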