cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1994
Views
5
Helpful
6
Replies

Syslog over TCP?

jfoldager
Level 1
Level 1

Hi all,

Does anyone know if the MARS can accept syslog over TCP? The issue is that I want the ASA to stop making new connections in case the connection is lost to the MARS.

Thanks in advance!

Regards,

Jesper

1 Accepted Solution

Accepted Solutions
6 Replies 6

rajett
Cisco Employee
Cisco Employee

For the ASA:

MARS release 4.x and 5.x support syslog over UDP.

Release 6.x supports Syslog over UDP and Secure Syslog on TCP

It does not support unsecured syslog on TCP.

Hi,

Thank you very much for the answer.

Does the optional 'secure' keyword in the 'logging host' command in ASA 8.x enable the same secure syslog that is supported in MARS release 6.x?

The configuration on MARS is in the bottom of the table located at:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chAsa8x.html#wp1053993

And yes, SECURE is the key word needed, but only works if you specify TCP.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1751719

add'l related question - can Snare use this same secure syslog protocol to talk to MARS?

No. Secure Syslog is only supported from the ASA.

thanks rajett - so as I understand it, MARS will only listen for syslog on udp 514 in R6, with the exception being ASA which uses secure syslog?

thanks for the prompt replies

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: