Logging Abilities for ASA Firewall using the ASA-SSM-20 IPS module.

Answered Question
Jul 6th, 2009

Hi,

Please could someone give some advice on how to get the ASA-SSM-20 to log information to something like Kiwi Syslog services etc. We just need to get the alerts out of the IPS in order to build SMS/email functionality for alerting various response teams.

Thanks

I have this problem too.
0 votes
Correct Answer by michael.d.brown... about 7 years 5 months ago

unfortantely, no syslog support

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

you can configure the rules to send snmp traps and you can pull events using SDEE, IPS Manager Express and Cisco MARS.

if you have logging enabled on the ASA a syslog msg will appear when the IPS is requesting or blocking traffic.

here is a link to the IPS configuration guides

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_configure.html

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
michael.d.brown... Mon, 07/06/2009 - 08:57

unfortantely, no syslog support

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00807335ca.shtml

you can configure the rules to send snmp traps and you can pull events using SDEE, IPS Manager Express and Cisco MARS.

if you have logging enabled on the ASA a syslog msg will appear when the IPS is requesting or blocking traffic.

here is a link to the IPS configuration guides

http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/tsd_products_support_configure.html

Actions

This Discussion