Multiple Syslog Servers

Unanswered Question
Feb 23rd, 2010

I know in the ASA5520 we use, I can create multiple syslog servers to send syslogs to. However, I am wondering, is there a way to segment the data? I.e., we have a "generic" syslog server that gets all the syslog data (including Informational), but I would like to create a second syslog entry on the ASA (pointing to a different IP address) and have it ONLY send specific message types.


Basically, I am wanting to have the messages related to the Botnet filtering sent to a different syslog server.


Is this possible?

Kureli Sankar Sun, 03/14/2010 - 15:46
User Badges: Cisco Employee

Here is a thought; maybe this might work for you.

Refer to this link for botnet:

https://supportforums.cisco.com/docs/DOC-8782

botnet syslogs

338001 - 338004

338101 - 338104

338201 - 338204

338301 - 338310


Refer to this link for logging commands: http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1772272

1. Configure a logging list and send it to buffer and wrap that to FTP server

hostname(config)# logging list my-list message 338001-338004
hostname(config)# logging list my-list message 338101-338104
hostname(config)# logging list my-list message 338201-338204
hostname(config)# logging list my-list message 338301-338310
hostname(config)# logging buffered my-list
hostname(config)# logging ftp-server 10.10.10.1 /syslogs userid password
hostname(config)# logging ftp-bufferwrap

2. Then you can send other syslogs to another syslog server

hostname(config)# logging trap 3
hostname(config)# logging host inside 10.10.10.2

-KS
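
The botnet ID ranges listed above can also be separated on the receiving side, after the generic syslog server has the full stream. This is an added example, not part of the original thread or Cisco code: a Python filter that splits lines by the `%ASA-severity-id:` tag. The function names and sample lines are constructed for illustration.

```python
import re

# Botnet Traffic Filter syslog ID ranges, as listed in the post above.
BOTNET_RANGES = [(338001, 338004), (338101, 338104),
                 (338201, 338204), (338301, 338310)]

# ASA syslog tag "%ASA-<severity>-<6-digit message id>:".
ASA_TAG = re.compile(r"%ASA-([0-7])-(\d{6}):")


def asa_message_id(line):
    """Return (severity, message_id) for an ASA syslog line, else None."""
    match = ASA_TAG.search(line)
    if match is None:
        return None
    return int(match.group(1)), int(match.group(2))


def is_botnet(line):
    """True when the line's message ID falls in one of BOTNET_RANGES."""
    parsed = asa_message_id(line)
    if parsed is None:
        return False  # untagged lines stay with the generic stream
    return any(low <= parsed[1] <= high for low, high in BOTNET_RANGES)


def split_stream(lines):
    """Split received lines into (botnet, everything_else), order kept."""
    botnet, other = [], []
    for line in lines:
        (botnet if is_botnet(line) else other).append(line)
    return botnet, other


# Constructed sample lines; the message text is placeholder, not ASA output.
SAMPLE = [
    "<166>Mar 14 2010 15:46:01: %ASA-6-302013: constructed connection message",
    "<164>Mar 14 2010 15:46:02: %ASA-4-338002: constructed botnet filter message",
    "<164>Mar 14 2010 15:46:03: %ASA-4-338310: constructed botnet filter message",
    "<164>Mar 14 2010 15:46:04: %ASA-4-338005: constructed ID just outside a range",
    "Mar 14 15:46:05 collector sshd[101]: constructed non-ASA line",
]

if __name__ == "__main__":
    botnet, other = split_stream(SAMPLE)
    print(f"{len(botnet)} botnet lines, {len(other)} other lines")
```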

dartgenov Thu, 11/21/2013 - 09:54

I was wondering also if there is a way to send only specific log messages (defined by the logging list) to one server while still sending the rest to another syslog server?
