Disable Specific Logs on a Cisco ASA

Depending on the volume of traffic that goes through your Cisco ASA, you might notice a large amount of traffic being logged, and depending on your configuration, the ASA could also be sending those logs to a syslog server. Unless you’re specifically troubleshooting a connectivity issue, most of these logs can safely be disabled to reduce the volume in your logs and on your syslog server. At any point, you can run a command to re-enable the logging of a specific ID.

First of all, you need to know the syslog ID of the line item you want to disable. You can refer to Cisco’s Syslog Guide for that information.

How To Disable Specific Logs on a Cisco ASA

Depending on the method you’re more comfortable with, you can either use the CLI (Command Line Interface) or the ASDM GUI.

CLI Commands:
config t
no logging message syslog_id

If you want to re-enable an ID, issue the same command without the ‘no’ in front.

ASDM GUI:
Go to Configuration > Device Management > Logging > Syslog Setup

You’ll see a list of Syslog IDs. You can double-click an ID and select Disable from within the popup window. Uncheck the Disable box to re-enable the ID.

Common Syslog IDs To Disable

TCP connection Built/Teardown
no logging message 302014
no logging message 302013

UDP connection Built/Teardown
no logging message 302015
no logging message 302016

ICMP connection Built/Teardown
no logging message 302020
no logging message 302021

GRE connection Built/Teardown
no logging message 302017
no logging message 302018

Remember to Apply the config and Save it to keep the changes through a reboot.
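
To see which of these connection messages a device currently has suppressed, a saved copy of the configuration can be checked for "no logging message" lines. The Python below is an added example, not part of the original post; the function names are illustrative and the sample configuration text is constructed.

```python
import re

# Syslog IDs grouped by protocol, exactly as listed on this page.
CONNECTION_IDS = {
    "TCP": ("302013", "302014"),
    "UDP": ("302015", "302016"),
    "GRE": ("302017", "302018"),
    "ICMP": ("302020", "302021"),
}
# A disabled message appears in the configuration as "no logging message <id>".
DISABLED_RE = re.compile(r"^\s*no\s+logging\s+message\s+(\d+)\s*$")

def disabled_ids(config_text):
    """Return the set of syslog IDs disabled with 'no logging message <id>'."""
    return {m.group(1) for line in config_text.splitlines()
            if (m := DISABLED_RE.match(line))}

def audit(config_text):
    """Map each protocol group to ('all' | 'partial' | 'none', disabled IDs)."""
    off = disabled_ids(config_text)
    report = {}
    for proto, ids in CONNECTION_IDS.items():
        hit = [i for i in ids if i in off]
        state = "all" if len(hit) == len(ids) else "partial" if hit else "none"
        report[proto] = (state, hit)
    return report

def reenable_commands(config_text):
    """CLI lines that re-enable the disabled connection IDs (same command, no 'no')."""
    known = {i for ids in CONNECTION_IDS.values() for i in ids}
    ids = sorted(disabled_ids(config_text) & known)
    return ["config t"] + [f"logging message {i}" for i in ids] if ids else []

# Constructed sample of saved configuration text, not taken from a real device.
SAMPLE_CONFIG = """\
logging enable
logging trap informational
no logging message 302013
no logging message 302014
no logging message 302015
no logging message 302020
no logging message 302021
"""

if __name__ == "__main__":
    for proto, (state, ids) in audit(SAMPLE_CONFIG).items():
        print(f"{proto:5} {state:8} {' '.join(ids)}")
    print("\n".join(reenable_commands(SAMPLE_CONFIG)))
```

A "partial" result means only one ID of a Built/Teardown pair is disabled, so connection records for that protocol will be one-sided.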

