Symptom
This is an enhancement request.
Following the logic of negating syslog messages for connection creation and teardown whenever the option "NetFlow Equivalent Syslogs" is enabled, syslog messages 302303 and 302304 should be negated as well, as they are messages that will be logged intensively by FTD sensors running with inline-pair interfaces.
Messages:
%ASA-6-302303: Built TCP state-bypass connection conn_id from initiator_interface:real_ip/real_port(mapped_ip/mapped_port) to responder_interface:real_ip/real_port (mapped_ip/mapped_port)
%ASA-6-302304: Teardown TCP state-bypass connection conn_id from initiator_interface:ip/port to responder_interface:ip/port duration, bytes, teardown reason.
Presently, the following default config is seen on an FTD when a syslog configuration is applied:
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
As seen above, messages 302303 and 302304 are not included in the list, and those are NetFlow-equivalent messages for FTD in transparent / inline-set or passive modes.
Conditions
FTD running with inline-set or passive interfaces and logging settings.
Workaround
Manually negate syslog messages 302303 and 302304 under the "Syslog Setting" option on FMC (Devices > Platform Settings > Syslog).
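
To confirm whether a device still needs the workaround, the following added example (not part of the original bug note or any Cisco tooling) checks saved logging configuration for the two state-bypass IDs and counts how often they appear in a log sample. The function names are hypothetical, and the syslog lines are constructed from the message formats above using documentation addresses.

```python
import re
from collections import Counter

# State-bypass connection build/teardown IDs named on the page.
STATE_BYPASS_IDS = {302303, 302304}

NEGATE_RE = re.compile(r"^\s*no logging message (\d+)\s*$")
SYSLOG_ID_RE = re.compile(r"%[A-Z]+-\d-(\d{6}):")

# Default negation list as shown on the page.
SAMPLE_CONFIG = "\n".join(
    f"no logging message {i}" for i in (
        106015, 313001, 313008, 106023, 710003, 106100, 302015,
        302014, 302013, 302018, 302017, 302016, 302021, 302020))

# Constructed syslog lines (documentation addresses, made-up connection IDs).
SAMPLE_SYSLOG = """\
%ASA-6-302303: Built TCP state-bypass connection 1001 from inside:192.0.2.10/51000 (192.0.2.10/51000) to outside:198.51.100.5/443 (198.51.100.5/443)
%ASA-6-302304: Teardown TCP state-bypass connection 1001 from inside:192.0.2.10/51000 to outside:198.51.100.5/443 duration 0:00:05 bytes 4312 TCP FINs
%ASA-6-302303: Built TCP state-bypass connection 1002 from inside:192.0.2.11/51001 (192.0.2.11/51001) to outside:198.51.100.5/443 (198.51.100.5/443)
%ASA-5-111008: User 'admin' executed the 'show version' command.
"""

def negated_ids(config_text):
    """IDs disabled with 'no logging message <id>' lines."""
    return {int(m.group(1)) for line in config_text.splitlines()
            if (m := NEGATE_RE.match(line))}

def missing_negations(config_text):
    """State-bypass IDs that the config still allows to be logged."""
    return sorted(STATE_BYPASS_IDS - negated_ids(config_text))

def state_bypass_volume(syslog_text):
    """Count received state-bypass messages per ID in a log sample."""
    ids = (int(m.group(1)) for m in SYSLOG_ID_RE.finditer(syslog_text))
    return dict(Counter(i for i in ids if i in STATE_BYPASS_IDS))

if __name__ == "__main__":
    print("not negated:", missing_negations(SAMPLE_CONFIG))
    print("volume in sample:", state_bypass_volume(SAMPLE_SYSLOG))
```

An empty result from `missing_negations` means both IDs are already negated; a non-empty result on a device with inline-set or passive interfaces indicates the workaround has not been applied.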