Limit the Rate of Syslog Message Generation

You can limit the rate at which syslog messages are generated by severity level or message ID. You can specify individual limits for each logging level and each Syslog message ID. If the settings conflict, the Syslog message ID limits take precedence.

Tip

If you are configuring devices to send syslog messages about security events (such as connection and intrusion events), most threat defense platform settings do not apply to these messages. See Threat Defense Platform Settings That Apply to Security Event Syslog Messages.

Procedure

Step 1

Choose Devices > Platform Settings and create or edit the threat defense policy.

Step 2

Select Syslog > Rate Limit.

Step 3

To limit message generation by severity level, click Logging Level > Add and configure the following options:

  • Logging Level—The severity level you are rate limiting. For information on the levels, see Severity Levels.
  • Number of messages—The maximum number of messages of the specified type allowed in the specified time period.
  • Interval—The number of seconds before the rate limit counter resets.

Step 4

Click OK.

Step 5

To limit message generation by syslog message ID, click Syslog Level > Add and configure the following options:

  • Syslog ID—The syslog message ID you are rate limiting. For specific message numbers, see Cisco ASA Series Syslog Messages.
  • Number of messages—The maximum number of messages of the specified type allowed in the specified time period.
  • Interval—The number of seconds before the rate limit counter resets.

Step 6

Click OK.

Step 7

Click Save.

You can now go to Deploy > Deployment and deploy the policy to assigned devices. The changes are not active until you deploy them.