Cisco ASA Firewall Logging/Syslog Types & Configuration [GUI]

edledge Cisco logo

Make: Cisco
: ASA 5506-X, ASA 5506 W-X, ASA 5508-X, 5500-X Series
Mode: GUI [ASDM]
Description: In this article, we will discuss the different types of logging and syslog configuration methods via ASDM on Cisco ASA. Refer to the article linked here if you are facing Cisco ASA Logging/Syslog Time Sync Issue.


A method of collecting messages from devices to a server running a syslog daemon is called system logging. Logging to a central syslog server helps in aggregation of logs and alerts. Cisco devices can send their log messages to a UNIX-style syslog service. A syslog service accepts messages and stores them in files, or prints them according to a simple configuration file. This form of logging provides protected
long-term storage for logs. Logs are useful both in routine troubleshooting and in incident handling.

Syslog messages begin with a percent sign (%) and are structured as follows:

%ASA Level Message_number: Message_text

Syslog/Loggings Security Level

Syslog messages are divided into 8 categories and each category has a security level. We can assign custom colours to each of the severity levels to make it easier to distinguish them in the ASDM log viewers. The security level of Syslog messages is as below:

Level NumberSeverity LevelDescription
0emergenciesSystem is unusable
1alertImmediate action is needed
2criticalCritical conditions
3errorError conditions
4warningWarning conditions
5notificationNormal but significant conditions
6informationalInformational messages only
7debuggingDebugging messages only
Note: The ASA and ASASM do not generate syslog messages with a severity level of zero (emergencies). This 
level is provided in the logging command for compatibility with the UNIX syslog feature but is not used by
the ASA

Syslog Configuration on ASA via ASDM

Step1: Login
Login to the ASA using username and password.


Step2: Logging Filters
Follow the steps shown below in the image to navigate to the Logging filters.


Step3: Logging Destination
Choose the name of the logging destination to which you want to apply a filter. Available logging destinations are as follows:

  • Console port
  • ASDM
  • E-Mail
  • Internal buffer
  • Telnet & SSH session
  • SNMP server
  • Syslog server

Configuring Logging Destination

Step3a: Console Port
Syslog messages can be sent to the console port for monitoring. Follow the steps shown below in the image to configure syslog messages to be sent to the console port.


Step3b: E-mail
You could receive the Syslog messages by email as well. Configure the SMTP. Enter the destination e-mail address, and choose the Syslog severity level from the drop-down list.


Step3c: ASDM
Syslog messages can be monitored on ASDM page. Follow the steps shown below in the image.


Step3d: Internal Buffer
Internal buffer servers as a temporary storage location that could be used to save Syslog messages. Define the internal buffer size and then follow the steps shown below in the image to configure syslog messages to be sent to internal buffer.


Step3e: Telnet & SSH Session
To send syslog messages to a Telnet or SSH session, follow the steps shown below. Make sure SSH or Telnet session is configured on ASA.


Step3f: SNMP Trap
Configure SNMP on the Cisco ASA and then follow the steps shown below in the image to configure syslog messages to be sent as SNMP Trap.


Step3g: Syslog Servers
Follow the steps shown below in the image to configure syslog messages to be sent to syslog servers.


You could configure ASA syslog or logging using the methods described above.

Other Topics on ASA

SourceKnowledge Base, Internet, Cisco


Leave a Reply

Your email address will not be published. Required fields are marked *