How to configure the firewall to enable the log to display only information about abnormalities?
To configure the firewall to enable the log to display only information about abnormalities, do as follows:
Run the info-center source SHELL channel logbuffer log level errors command. Then information about CLI operations, logins, and logouts is not transferred to the logbuffer.
In addition, you are advised to run the info-center logbuffer size 1024
command to change the logbuffer size to 1024 so that more information can be logged.
Run the info-center source command to set output log level of each module. Only log information of a lower level is displayed (a lower log level indicates a more severe fact).
AAA AAA module
ACL ACL module
ACM ACM module
ARP ARP module
ASPF ASPF module
To keep the default output log levels, run the info-center source default
The output log level of certain modules is warnings, so some log information about abnormalities cannot be displayed if the default output log levels are changed.
The log information collected on the live network generally consists of CLI logs, FIB refresh logs, and HTTP login logs. You are advised to lower the output log levels of these modules and to keep default configuration for the other modules. The configuration is as follows:
info-center source HWCM channel 4 log level errors
info-center source SHELL channel 4 log level errors
info-center source HTTPD channel 4 log level errors
info-center source FIB channel 4 log level errors