Configuring and Managing Syslog Messages
The FWSM syslog messages provide you with information for monitoring and troubleshooting the
FWSM. Using the logging feature, you can do the following:
•
•
•
•
•
•
•
•
•
•
Security Contexts and Logging
Each security context includes its own logging configuration and generates its own messages. If you log
in to the system or admin context, and then change to another context, messages you view in your session
are only those that are related to the current context.
Syslog messages that are generated in the system execution space, including failover messages, are
viewed in the admin context along with messages generated in the admin context. You cannot configure
logging or view any logging information in the system execution space.
You can configure the FWSM to include the context name with each message, which helps you
differentiate context messages that are sent to a single syslog server. This feature also helps you to
determine which messages are from the admin context and which are from the system; messages that
originate in the system execution space use a device ID of system, and messages that originate in the
admin context use the name of the admin context as the device ID. For more information about enabling
logging device IDs, see the
Enabling and Disabling Logging
This section describes how to enable and disable logging on the FWSM. It includes the following topics:
•
•
•
Enabling Logging to All Configured Output Destinations
The following command enables logging; however, you must also specify at least one output destination
so that you can view or save the logged messages. If you do not specify an output destination, the FWSM
does not save syslog messages that are generated when events occur.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
25-2
Specify which syslog messages should be logged.
Disable or change the severity level of a syslog message.
Specify the severity level of a syslog message by color.
Display a brief description of the syslog message as a tooltip.
Specify explanations and recommended actions for a syslog message.
Specify one or more locations to which syslog messages should be sent, including an internal buffer,
one or more syslog servers, an SNMP management station, specified e-mail addresses, or Telnet and
SSH sessions.
Configure and manage syslog messages in groups, such as by severity level or class of message.
Specify what happens to the contents of the internal buffer when the buffer becomes full: overwrite
the buffer, send the buffer contents to an FTP server, or save the contents to internal flash memory.
Send all syslog messages, or subsets of syslog messages, to any or all output locations.
Filter which syslog messages are sent to which locations by the severity of the syslog message, the
class of the syslog message, or by creating a custom log message list.
"Including the Device ID in Syslog Messages" section on page
Enabling Logging to All Configured Output Destinations, page 25-2
Disabling Logging to All Configured Output Destinations, page 25-3
Viewing the Log Configuration, page 25-3
Chapter 25
Monitoring the Firewall Services Module
25-16.
OL-20748-01