Depending on the volume of traffic that goes through your Cisco ASA, you might notice a large amount of traffic being logged, and depending on your configuration, it could also be sending it to a syslog server. Unless you’re specifically troubleshooting a connectivity issue, most of these logs can safely be disabled to reduce the amount of traffic in your logs and syslog server. At any point, you can run a command to re-enable the logging of a specific ID. First of all, you need to know the syslog ID of the line item you want to disable. You can refer to Cisco’s Syslog Guide for that information.
How To Disable Specific Logs on a Cisco ASA
Depending on the method you’re more comfortable with, you can either use the CLI (Command Line Interface) or the ASDM GUI.
CLI Commands:
config t
no logging message syslog_id
If you want to re-enable an ID, issue the same command without the ‘no’ in front.
ASDM GUI:
Go to Configuration > Device Management > Logging > Syslog Setup
You’ll see a list of Syslog ID’s. You can double-click on them and select Disable from within the popup window. Uncheck the Disable box to re-enable the ID.
Common Syslog ID’s To Disable
TCP connection Built/Teardown
no logging message 302014
no logging message 302013
UDP connection Built/Teardown
no logging message 302015
no logging message 302016
ICMP connection Built/Teardown
no logging message 302020
no logging message 302021
GRE connection Built/Teardown
no logging message 302017
no logging message 302018
Remember to Apply the config and Save it to keep the changes through a reboot.