9-3. Fine-Tuning Logging Message Generation
After you have chosen and configured severity levels for logging destinations, you should make sure you are receiving only necessary messages. In other words, don't choose a severity level that can produce an abundance of messages that will be ignored. Always keep in mind that a Syslog server must receive and archive every message sent to it. Storage space is at a premium, especially when logs continuously grow over time.
Here are rules of thumb to follow when choosing a severity level:
If only firewall error conditions should be recorded and no one will regularly view the message logs, choose severity level 3 (errors).
If you are primarily interested in seeing how traffic is being filtered by the firewall ...
Get Cisco ASA and PIX Firewall Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.