Cisco Log Messages

Why 106100 Messages?

Security Manager uses message ID 106100 and 106023, ACL messages, as the basis for Cisco usage analysis rather than buildup (302013) and tear-down (302015) messages; and are our preferred log messages as they take less resources on the data collector to process. However, they take more processing power on the ASA to generate.

If you are using buildup and tear-down messages, the matching speed could be more than 1000 times slower, depending on how many rules are in a policy. And if there are implicit deny rules, the data collector will compare each rule in the policy and then generate a log message indicating no match could be found, which can significantly slow performance, as well.

In order to prevent receiving two syslog messages for every rule hit, FireMon suggests disabling message ID 302013 and 302015 if you are not utilizing messages of this type for other things.

To disable specific log messages, use the command: no logging message message ID