3 Replies Latest reply on Apr 4, 2013 12:08 PM by noor

    3130 Event-history Firewall Excerpts

    tmasazo New Member

      Is there no way to exclude firewall excerpts from the event history? I have tried changing the priority level to warning in hopes of limiting the firewall logs due to it filling the logs up. I only want interface and protocol to be logged. Not sure if this is even possible. it's a AdTran NetVanta 3130.

      Thanks

        • Re: 3130 Event-history Firewall Excerpts
          Employee

          tmasazo - Thanks for posting your question to the forum!  Unfortunately, there is now way to exclude certain events from the event history beyond changing the priority level. However, you can increase the firewall attack-log threshold and policy-log threshold so that the events aren't logged as often. This can be changed in the CLI with the following commands from config mode:

           

          ip firewall attack-log threshold <number of attacks to match before logging>

          ip firewall policy-log threshold <number of policies to match before logging>

           

          Both of these settings are set to 100 by default.

           

          Please do not hesitate to let us know if you have any further questions.

           

          Thanks,

          Noor

          1 of 1 people found this helpful
            • Re: 3130 Event-history Firewall Excerpts
              tmasazo New Member

              noor - Can you point me in the direction of reading material that explains more on this? I have the  AOS command line guide but doesn't go into much detail about how to set this and the effects it has on the device. Thanks!

                • Re: 3130 Event-history Firewall Excerpts
                  Employee

                  tmasazo - The commands in bold in my original post are the commands you will need to issue from enable mode to change the threshold settings. By changing these settings, it will change the number of times a particular event occurs before it is logged to the event history. By increasing the threshold (which is 100 default), potentially, the events would be logged less often. This, of course, depends on how often these events are occurring.

                   

                  Let us know if you have any further questions.

                   

                  Thanks,

                  Noor