Disable Redundant Syslog Messages
These instructions refer to this section of the macro. You do not need to modify the command.
logging flow-export-syslogs disable
Enabling NetFlow to export flow information makes the syslog messages in the following table redundant. In the interest of performance, we recommend that you disable redundant syslog messages, because the same information is exported through NetFlow.
Note | When NSEL and syslog messages are both enabled, there is no guarantee of chronological ordering between the two logging types. |
|
Syslog Message |
Description |
NSEL Event ID |
NSEL Extended Event ID |
|---|---|---|---|
|
106100 |
Generated whenever an access control rule (ACL) is encountered. |
1-Flow was created (if the ACL allowed the flow). 3-Flow was denied (if the ACL denied the flow). |
0-If the ACL allowed the flow. 1001-Flow was denied by the ingress ACL. 1002-Flow was denied by the egress ACL. |
|
106015 |
A TCP flow was denied because the first packet was not a SYN packet. |
3-Flow was denied. |
1004-Flow was denied because the first packet was not a TCP SYN packet. |
|
106023 |
When a flow was denied by an ACL attached to an interface through the access-group command. |
3-Flow was denied. |
1001-Flow was denied by the ingress ACL. 1002-Flow was denied by the egress ACL. |
|
302013, 302015, 302017, 302020 |
TCP, UDP, GRE, and ICMP connection creation. |
1-Flow was created. |
0-Ignore. |
|
302014, 302016, 302018, 302021 |
TCP, UDP, GRE, and ICMP connection teardown. |
2-Flow was deleted. |
0-Ignore. > 2000-Flow was torn down. |
|
313001 |
An ICMP packet to the device was denied. |
3-Flow was denied. |
1003-To-the-box flow was denied because of configuration. |
|
313008 |
An ICMP v6 packet to the device was denied. |
3-Flow was denied. |
1003-To-the-box flow was denied because of configuration. |
|
710003 |
An attempt to connect to the device interface was denied. |
3-Flow was denied. |
1003-To-the-box flow was denied because of configuration. |
If you do not want to disable redundant syslog messages, you can edit this macro and delete only this line from it:
logging flow-export-syslogs disable
You can later enable or disable individual syslog messages by following the procedure in the Disabling and Reenabling NetFlow-related Syslog Messages.