The ASA sits in front of the company's 100 Mbit fiber internet connection. It produces a huge volume of log messages every day, and those messages are of no use at all. The commands below stop the useless message IDs from being sent to the syslog server.
Without any filtering the ASA generates more than 10 million log entries a month, which is far too many.
XYJ-ASA5512-B(config)# show logging message 106001
syslog 106001: default-level critical (enabled)
XYJ-ASA5512-B(config)# no logging message 106001
XYJ-ASA5512-B(config)# no logging message 106006
XYJ-ASA5512-B(config)# no logging message 106014
XYJ-ASA5512-B(config)# no logging message 106023
XYJ-ASA5512-B(config)# no logging message 500004
XYJ-ASA5512-B(config)# no logging message 410001
XYJ-ASA5512-B(config)# no logging message 733100
XYJ-ASA5512-B(config)# no logging message 106007
Oct 19 2016 15:10:02: %ASA-5-111008: User 'enable_15' executed the 'no logging message 106001' command.
Oct 19 2016 16:38:56: %ASA-5-111008: User 'enable_15' executed the 'no logging message 733100' command.
I collect the logs with LogAnalyzer; below are the SQL statements I use to delete some of the useless log entries from its SystemEvents table. Note that the ASA syslog tag literally begins with a "%" character, so the Syslogtag comparisons use "=" with the tag as a plain string, while only the Message comparisons use LIKE with wildcards.
delete from SystemEvents where Message like '%Inbound TCP%' and Syslogtag = '%ASA-2-106001:';
delete from SystemEvents where Message like '%inbound UDP%' and Syslogtag = '%ASA-2-106006:';
delete from SystemEvents where Message like '%inbound icmp%' and Syslogtag = '%ASA-3-106014:';
delete from SystemEvents where Message like '%Deny udp src%' and Syslogtag = '%ASA-4-106023:';
delete from SystemEvents where Message like '%Deny icmp src%' and Syslogtag = '%ASA-4-106023:';
delete from SystemEvents where Message like '%Invalid transport field%' and Syslogtag = '%ASA-4-500004:';
delete from SystemEvents where Message like "%executed the 'enable'%" and Syslogtag = '%ASA-5-111008:';
delete from SystemEvents where Message like '%executed the \'enable\'%' and Syslogtag = '%ASA-5-111008:';
delete from SystemEvents where Message like '%Dropped UDP DNS%' and Syslogtag = '%ASA-4-410001:';
delete from SystemEvents where Message like '%User priv level changed%' and Syslogtag = '%ASA-5-502103:';
delete from SystemEvents where Message like '%User logged out: Uname: admin%' and Syslogtag = '%ASA-5-611103:';
delete from SystemEvents where Message like '%Received encrypted packet with no matching SA%' and Syslogtag = '%ASA-5-713904:';
delete from SystemEvents where Message like '%Current burst%' and Syslogtag = '%ASA-4-733100:';
delete from SystemEvents where Message like '%TCP access denied by ACL%' and Syslogtag = '%ASA-3-710003:';
delete from SystemEvents where Message like '%Duplicate TCP SYN from%' and Syslogtag = '%ASA-4-419002:';
delete from SystemEvents where Message like '%Deny inbound UDP from%' and Syslogtag = '%ASA-2-106007:';
delete from SystemEvents where Message like '%No matching connection for ICMP%' and Syslogtag = '%ASA-4-313005:';
delete from SystemEvents where Message like '%Group = spoke1%' and Syslogtag = '%ASA-5-713120:';
delete from SystemEvents where Message like '%Group = spoke1%' and Syslogtag = '%ASA-5-713119:';
delete from SystemEvents where Message like '%Group = spoke1%' and Syslogtag = '%ASA-5-713049:';
delete from SystemEvents where Message like '%Group = spoke1%' and Syslogtag = '%ASA-5-713041:';
delete from SystemEvents where Message like '%Denied ICMP type=3, code=3 from%' and Syslogtag = '%ASA-3-313001:';
delete from SystemEvents where Message like '%Dropped connection for ESMTP Request%' and Syslogtag = '%ASA-4-108004:';
delete from SystemEvents where Message like '%Received Invalid Cookie message for non-existent SA%' and Syslogtag = '%ASA-4-713903:';
delete from SystemEvents where Message like '%tcp flow from lan%' and Syslogtag = '%ASA-4-507003:';
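The DELETE statements above remove noise only after it has already been written to the database. The same rules (message ID plus a substring of the message text) can be applied to each line as it arrives, before insertion, which keeps the table small and makes the suppression list easy to review. The following is an added example, not code from the post or from LogAnalyzer; it assumes the line layout shown in the post ("Oct 19 2016 15:10:02: %ASA-5-111008: ..."), uses a handful of the post's rules, and runs over a few constructed sample lines with documentation-range addresses. Matching is case-insensitive to mirror MySQL's default case-insensitive collation for LIKE.

```python
import re
from typing import Dict, List, Optional, Tuple

# ASA syslog tag as it appears in the post: "%ASA-<severity>-<msgid>:".
# The leading "%" is a literal character of the tag, not a SQL wildcard,
# which is why the post's statements compare Syslogtag with "=" and not LIKE.
ASA_TAG = re.compile(r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}):\s*(?P<msg>.*)$")

# Suppression rules taken from the post's SQL: (message id, substring to look for).
# A line is dropped only when BOTH the id and the substring match, exactly like
# "Message like '%...%' and Syslogtag = '%ASA-x-<id>:'".
SUPPRESS_RULES: List[Tuple[str, str]] = [
    ("106001", "Inbound TCP"),
    ("106006", "inbound UDP"),
    ("106014", "inbound icmp"),
    ("106023", "Deny udp src"),
    ("106023", "Deny icmp src"),
    ("500004", "Invalid transport field"),
    ("111008", "executed the 'enable'"),
    ("410001", "Dropped UDP DNS"),
    ("733100", "Current burst"),
    ("106007", "Deny inbound UDP from"),
    ("313005", "No matching connection for ICMP"),
]

# Constructed sample input (not real captured data); addresses are from the
# RFC 5737 documentation ranges.
SAMPLE_LINES: List[str] = [
    "Oct 19 2016 15:10:02: %ASA-5-111008: User 'enable_15' executed the 'no logging message 106001' command.",
    "Oct 19 2016 15:10:05: %ASA-5-111008: User 'admin' executed the 'enable' command.",
    "Oct 19 2016 15:10:07: %ASA-4-106023: Deny udp src outside:203.0.113.5/53 dst inside:192.0.2.10/514 by access-group \"outside_in\"",
    "Oct 19 2016 15:10:09: %ASA-6-302013: Built inbound TCP connection 12345 for outside:203.0.113.7/4433 to inside:192.0.2.20/443",
    "Oct 19 2016 15:10:11: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.9/40000 to 192.0.2.10/22 flags SYN on interface outside",
    "Oct 19 2016 15:10:12: fileserver sshd[4242]: Accepted publickey for backup from 192.0.2.30",
]


def parse_asa_line(line: str) -> Optional[Tuple[int, str, str]]:
    """Return (severity, msgid, message) for an ASA syslog line, or None if the line is not one."""
    m = ASA_TAG.search(line)
    if not m:
        return None
    return int(m.group("sev")), m.group("msgid"), m.group("msg")


def is_suppressed(line: str, rules: List[Tuple[str, str]] = SUPPRESS_RULES) -> bool:
    """True when the line matches one of the (msgid, substring) rules."""
    parsed = parse_asa_line(line)
    if parsed is None:
        return False  # not an ASA line: never drop what we cannot classify
    _sev, msgid, msg = parsed
    lowered = msg.lower()
    return any(msgid == rule_id and needle.lower() in lowered for rule_id, needle in rules)


def filter_lines(lines: List[str], rules: List[Tuple[str, str]] = SUPPRESS_RULES) -> Tuple[List[str], Dict[str, int]]:
    """Split lines into those to keep and a per-msgid count of what was dropped."""
    kept: List[str] = []
    dropped: Dict[str, int] = {}
    for line in lines:
        if is_suppressed(line, rules):
            msgid = parse_asa_line(line)[1]
            dropped[msgid] = dropped.get(msgid, 0) + 1
        else:
            kept.append(line)
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = filter_lines(SAMPLE_LINES)
    for line in kept:
        print("KEEP", line)
    print("dropped per message id:", dropped)
```

The 302013 line is kept even though its text contains "inbound TCP": the id is not in the rule list, so the substring alone is not enough. The first 111008 line is kept as well, since it records a configuration change rather than the "executed the 'enable'" text the rule looks for; the drop counter per message id gives a quick sanity check that a new rule is not silently removing more than intended.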