ASA email logs

Unanswered Question
Aug 15th, 2008

Hi

Is it possible to configure an ASA 7.2 to send syslogs by email at specified times with specific messages only?

Thanks

Stephen

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Farrukh Haroon Fri, 08/15/2008 - 07:06

"Specific messages" requirements can be met with logging lists. You create a logging list, define the email logging settings and then associate a logging list with the mail logging. Not so sure about the 'specified time' requirement. That would most probably involve scripting that would login to the box at the desired start time, enable the mail logging and then login again to disable it at the desired stop time.

Have a look at:

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00805a2e04.shtml#use

Regards

Farrukh

cisco24x7 Fri, 08/15/2008 - 07:26

The solution is very simple:

1- send all your log from the ASA over to a Linux syslog server,

2- There are utilities to filter the log

message for you in Perl or shell. In other

words, the utility looks at the log in

real-time and can filter specific messages

you want to see,

3- configure it to send you email at whatever

time you want. That can be done with crontab

There is no need to log into the ASA itself.

If you write a script to log into the ASA,

you then have to store the username/password

in a script and that is a security risk.

With the syslog message, you don't have to store any username/password anywhere.

Easy right?

Actions

This Discussion