Syslog Logs - Remove Some Logging

[LedZepRock]

Hi

I have my PIX sending its logs to a Linux box, and this works fine, I like to see connections that have been refused, but a major amount on my external interface is TCP 137, 139, 389 and I would rather not see them, I have setup the first access-list on the PIX to drop these connections but I dont want to see this information in the Syslog, is there anyway I can stop logging on these access-lists???

Ta
Simon

 

[LedZepRock]

Opps, think I have found the answer

access-list outside_in line 1 deny tcp any any object-group dropports log disable
access-list outside_in line 2 deny udp any any object-group dropports log disable

Bit of a pain that I have to do two lines, but I cant add a object-group if I use ip rather than tcp/udp why is that???

Ta
Simon

 

[br0ck]

you can also do

no logging message 106023

match the message number from the syslogs that you dont want logged