Syslog Message Filtering
You can filter generated syslog messages so that only certain syslog messages are sent to a particular output destination. For example, you could configure the threat defense device to send all syslog messages to one output destination and to send a subset of those syslog messages to a different output destination.
Specifically, you can direct syslog messages to an output destination according to the following criteria:
-
Syslog message ID number
(This does not apply to syslog messages for security events such as connection and intrusion events.)
-
Syslog message severity level
-
Syslog message class (equivalent to a functional area)
(This does not apply to syslog messages for security events such as connection and intrusion events.)
You customize these criteria by creating a message list that you can specify when you set the output destination. Alternatively, you can configure the threat defense device to send a particular message class to each type of output destination independently of the message list.
(Message lists do not apply to syslog messages for security events such as connection and intrusion events.)