I have an ASA which has been configured with forwarding all logs to an external attached Syslog server. default udp is being used to have this work. Requirement is to have the firewall log all traffic to this syslog server. But somehow it doesnt seem to work.
Syslog server doesnt seem to receive any logs. I am in a dilemma as to how this should be checked on the firewall.
When we say ASA should log all traffic to this server, which interface will it use to forward traffic to syslog and whether i should have specific rules on this interface to do so. Is there a way we can see whether the traffic is passing from firewall to syslog or not?
Following are the interfaces on the ASA with security level:
Inside - Level 100
dmz servers - 20
subsidary - 50
Outside - 0
This syslog server is connected on the subsidary interface.
Current configuration is: logging host inside 192.168.100.11