Chapter 25
Monitoring the Firewall Services Module
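Note: To start logging to a syslog server you define in this procedure, be sure to enable logging for all output locations. See the "Enabling Logging to All Configured Output Destinations" section on page 25-2. To disable logging, see the "Disabling Logging to All Configured Output Destinations" section on page 25-3.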
To configure the FWSM to send syslog messages to a syslog server, perform the following steps:
Step 1  To designate a syslog server to receive the syslog messages, enter the following command:
hostname(config)# logging host interface_name ip_address [tcp[/port] | udp[/port]] [format emblem]
Where the format emblem keyword enables EMBLEM format logging for the syslog server (UDP only).
The interface_name argument specifies the interface through which you access the syslog server.
The ip_address argument specifies the IP address of the syslog server.
The tcp[/port] or udp[/port] argument specifies that the FWSM should use TCP or UDP to send syslog
messages to the syslog server. The default protocol is UDP. You can configure the FWSM to send data
to a syslog server using either UDP or TCP, but not both. If you specify TCP, the FWSM discovers when
the syslog server fails and discontinues sending syslog messages. If you specify UDP, the FWSM
continues to send syslog messages regardless of whether the syslog server is operational. The port
argument specifies the port that the syslog server listens to for syslog messages. Valid port values are
1025 through 65535, for either protocol. The default UDP port is 514. The default TCP port is 1470.
For example:
hostname(config)# logging host dmz1 192.168.1.5
If you want to designate more than one syslog server as an output destination, enter a new command for
each syslog server.
Step 2  To specify which syslog messages should be sent to the syslog server, enter the following command:
hostname(config)# logging trap {severity_level | message_list}
Where the severity_level argument specifies the severity levels of messages to be sent to the syslog server. You can specify the severity level number (0 through 7) or name. For severity level names, see the "Severity Levels" section on page 25-20. For example, if you set the severity level to 3, then the FWSM sends syslog messages for severity levels 3, 2, 1, and 0.
The message_list argument specifies a customized message list that identifies the syslog messages to send to the syslog server. For information about creating custom message lists, see the "Filtering Syslog Messages with Custom Message Lists" section on page 25-14.
The following example specifies that the FWSM should send to the syslog server all syslog messages
with a severity level of 3 (errors) and higher. The FWSM will send messages with the severity level of
3, 2, and 1.
hostname(config)# logging trap errors
Step 3  (Optional) If needed, set the logging facility to a value other than its default of 20 by entering the following command:
hostname(config)# logging facility number
Most UNIX systems expect the syslog messages to arrive at facility 20.
hostname(config)# logging
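The following collector-side check is an added example, not part of the Cisco guide. It decodes the syslog PRI header of each received line and verifies it against the facility set in Step 3 and the severity threshold set in Step 2. It assumes the standard syslog encoding PRI = facility * 8 + severity, non-EMBLEM messages tagged %FWSM-level-id, and six-digit message IDs; the function names and sample lines are hypothetical.

```python
import re

# Cisco severity names, index = level; "logging trap errors" means level 3.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# <PRI>, optional timestamp/device text, then %FWSM-<level>-<message id>: text.
# Assumption: non-EMBLEM format and six-digit message ids.
LINE_RE = re.compile(r"^<(\d{1,3})>(.*?)%FWSM-([0-7])-(\d{6}): (.*)$")


def parse(line):
    """Split one received line into facility, severity and message fields."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pri = int(m.group(1))  # PRI = facility * 8 + severity
    return {"facility": pri >> 3, "severity": pri & 7,
            "tag_severity": int(m.group(3)), "msg_id": m.group(4),
            "text": m.group(5)}


def check(line, facility=20, trap="errors"):
    """Return findings for one line; an empty list means it fits the config."""
    rec = parse(line)
    if rec is None:
        return ["unparsed"]
    threshold = trap if isinstance(trap, int) else SEVERITIES.index(trap)
    findings = []
    if rec["facility"] != facility:
        findings.append("unexpected-facility")   # Step 3 setting differs
    if rec["severity"] != rec["tag_severity"]:
        findings.append("severity-mismatch")     # header and tag disagree
    if rec["severity"] > threshold:
        findings.append("outside-trap-level")    # Step 2 should have filtered it
    return findings


# Constructed sample lines (message ids and text are placeholders).
SAMPLES = [
    "<163>%FWSM-3-999001: constructed error message",
    "<161>Jan 01 2024 00:00:00: %FWSM-1-999002: constructed alert message",
    "<166>%FWSM-6-999003: constructed informational message",
    "<131>%FWSM-3-999004: constructed message on another facility",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check(sample) or "ok", "|", sample)
```

A line flagged outside-trap-level or unexpected-facility on a collector that receives over UDP points to either a configuration drift on the FWSM or a sender other than the FWSM.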
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Configuring and Managing Syslog Messages