Create a Custom Event List
Create a custom event list when you are sending ASA syslog events to the Cisco Cloud using one of these methods:
-
Send ASA Syslog Events to the Cisco Cloud Using the Command Line Interface
-
Send ASA Syslog Events to the Cisco Cloud using a Security Cloud Control Macro
You can create an event list, also referred to as a message_list, based on the following three criteria:
-
Event Class
-
Severity
-
Message ID
To create a custom event list to send to a specific logging destination (for example, a syslog server or a Secure Event Connector), perform the following steps:
Procedure
Step 1 | From the left navigation bar, click Security Devices. | ||||
Step 2 | Click the Devices tab. | ||||
Step 3 | Click the appropriate tab and select the ASA whose syslog messages you want to include in a custom event list. | ||||
Step 4 | In the Device Actions pane, click >_ Command Line Interface. | ||||
Step 5 | Use this command syntax to issue the logging list command to the ASA:
logging list
name
{
level
level
[
class
message_class
]|
message
start_id
[
-end_id
]}
The name argument specifies the name of the list. The level level keyword and argument pair specify the severity level. The class message_class keyword-argument pair specify a particular message class. The message start_id [-end_id] keyword-argument pair specify an individual syslog message number or a range of numbers.
| ||||
Step 6 | Save your Changes to the Startup Config At the command prompt, type write memory. Example:
|