Syslog from ASA

Unanswered Question
Dec 6th, 2009
I have an ASA which has been configured to forward all logs to an externally attached syslog server. Default UDP is being used to have this work. The requirement is to have the firewall log all traffic to this syslog server. But somehow it doesn't seem to work.

The syslog server doesn't seem to receive any logs. I am in a dilemma as to how this should be checked on the firewall.

When we say the ASA should log all traffic to this server, which interface will it use to forward traffic to syslog, and should I have specific rules on this interface to do so? Is there a way we can see whether the traffic is passing from firewall to syslog or not?


Following are the interfaces on the ASA with security level:


Inside - Level 100

dmz servers - 20

subsidary - 50

Outside - 0


This syslog server is connected on the subsidary interface.

Current configuration is:  logging host inside 192.168.100.11


Please suggest.


Thank You.

chaitu_kranthi Sun, 12/06/2009 - 19:55
Hi,


We have to specify which interface that traffic has to pass through. Otherwise it won't send the log information to the syslog server.


Below is a sample configuration. Try this one and let me know if you have any issues.


logging enable
logging timestamp
logging standby
logging buffer-size 125000
logging console alerts
logging buffered notifications
logging trap notifications
logging asdm notifications
logging facility 22
logging device-id hostname
logging host inside X.X.X.X (inside is nothing but the interface name of the inside interface)

suthomas1 Mon, 12/07/2009 - 02:17
Thanks,

I did try with the same config. But the server is connected off the subsidary interface and I have given the "inside" interface in the login command.

Could that cause any issues, or do I need any specific rules to get this working?


Appreciate your help.

Conor Cunningham Mon, 12/07/2009 - 05:17
G'day,


I would recommend using the subsidary interface in your command as that is where your syslog server resides.


So, try


no logging host inside 192.168.100.11

logging host subsidary 192.168.100.11


Cheers,


Conor
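
For checking from the syslog server side whether the ASA's datagrams arrive and match the settings discussed above, here is an added example (not code from any poster in this thread). It assumes the sample configuration's "logging facility 22" and "logging trap notifications"; the function names and the sample datagram are constructed for illustration.

```python
import re
import socket

EXPECTED_FACILITY = 22  # "logging facility 22" in the thread's sample config
MAX_SEVERITY = 5        # "logging trap notifications" forwards severities 0-5
PRI = re.compile(r"^<(\d{1,3})>")
ASA_TAG = re.compile(r"%ASA-(\d)-(\d{6})")

# Constructed sample datagram (not captured from a real device).
SAMPLE = (b"<181>Dec 06 2009 19:55:01 asa-fw : %ASA-5-111008: "
          b"User 'enable_15' executed the 'logging enable' command.")


def parse_asa_syslog(datagram: bytes) -> dict:
    """Decode <PRI> and the %ASA tag, and list mismatches with the config."""
    text = datagram.decode("utf-8", errors="replace").strip()
    pri = PRI.match(text)
    if not pri or int(pri.group(1)) > 191:  # 23 * 8 + 7 is the largest PRI
        raise ValueError("missing or invalid <PRI> header")
    facility, severity = divmod(int(pri.group(1)), 8)
    tag = ASA_TAG.search(text)
    problems = []
    if facility != EXPECTED_FACILITY:
        problems.append(f"facility {facility}, expected {EXPECTED_FACILITY}")
    if severity > MAX_SEVERITY:
        problems.append(f"severity {severity} is above the trap level")
    if tag is None:
        problems.append("no %ASA-<severity>-<id> tag found")
    elif int(tag.group(1)) != severity:
        problems.append("tag severity differs from PRI severity")
    return {"facility": facility, "severity": severity,
            "message_id": tag.group(2) if tag else None, "problems": problems}


def listen(bind_ip: str = "0.0.0.0", port: int = 514, count: int = 5) -> None:
    """Report on the first `count` UDP datagrams (port 514 needs privileges)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_ip, port))
        for _ in range(count):
            data, (src, _) = sock.recvfrom(4096)
            try:
                print(src, parse_asa_syslog(data))
            except ValueError as exc:
                print(src, "unparseable:", exc)


if __name__ == "__main__":
    print(parse_asa_syslog(SAMPLE))
```

Calling listen() on the syslog server while the firewall is generating events shows whether anything reaches UDP port 514 at all; if nothing prints, the datagrams are not arriving at the server.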
