Filter
Top Products
52-21
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 52 Configuring Logging Policies on Firewall Devices
Defining Syslog Servers
Syslog Servers Page
The Syslog Servers page lets you specify the syslog servers to which the security appliance sends syslog
messages. To make use of the syslog servers you define, you must enable logging using the Logging
Setup page and set up the appropriate filters for destinations using the Logging Filters page.
Tip If you want to view events from an ASA device using Security Manager Event Viewer, ensure that you
define the Security Manager server as a syslog server. Also, if you use CS-MARS or other applications
to manage syslog events, include those servers in this policy.
Navigation Path
• (Device view) Select Platform > Logging > Syslog > Syslog Servers from the Device Policy
selector.
• (Policy view) Select PIX/ASA/FWSM Platform > Logging > Syslog > Syslog Servers from the
Policy Type selector. Select an existing policy or create a new one.
Related Topics
• Defining Syslog Servers, page 52-20
• Chapter 52, “Configuring Logging Policies on Firewall Devices”
Field Reference
Table 52-17 Syslog Servers Page
Element Description
Syslog Servers table The syslog servers to which this device sends syslog messages. The
table shows the device interface that publishes messages to the server,
the server’s IP address, syslog protocol and port number, and whether
the messages are in Cisco EMBLEM syslog format.
There is a limit of four syslog servers that can be set up per context.
• To add a server, click the Add Row button and fill in the Add/Edit
Syslog Server Dialog Box, page 52-22.
• To edit a server, select it and click the Edit Row button.
• To delete a server, select it and click the Delete Row button.
Queue Size Specifies the size of the queue for storing syslog messages on the
security appliance when syslog server is busy. Minimum is 1 message.
Default is 512. Specify 0 to allow an unlimited number of messages to
be queued (subject to available block memory).
Allow user traffic to pass
when TCP syslog server is
down
Whether to restrict all traffic if any syslog server that is using the TCP
protocol is down.