cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
11627
Views
0
Helpful
3
Replies

Multiple Syslog Servers

don.click1
Level 4
Level 4

I know in the ASA5520 we use, i can created multiple syslog servers to send syslogs to. However, I am

wondering, is there a way to segment the data?  IE - We have a "generic" syslog server that gets all the syslog data (ncluding Informational), but I would like to create a second syslog entry on the ASA (pointing to a different IP address) and have it ONLY send specific message types.

Basically, I am wanting to have the messages related to the Botnet filtering send to a differnt syslog server.

Is this possible?

3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

Unfortunately, that cannot be configured.

The syslogs sent will be the same to all syslog servers.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

PK

Here is a thought may be this might work for you.

Refer this link for botnet:

https://supportforums.cisco.com/docs/DOC-8782

botnet syslogs

338001 - 338004

338101 - 338104

338201 - 338204

338301 - 338310

Refer this link for logging commands:http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1772272

1. configure a logging list and send it to buffer and wrap that to ftp server


hostname(config)# logging list my-list 338001 - 338004
hostname(config)# logging list my-list 338101 - 338104
hostname(config)# logging list my-list 338201 - 338204
hostname(config)# logging list my-list 338301 - 33831
hostname(config)# logging buffered my-list
hostname(config)# logging ftp-server 10.10.10.1 /syslogs userid password
hostname(config)# logging ftp-bufferwrap

2 Then you can send other syslogs to another syslog server

hostname(config)# logging trap 3
hostname(config)# logging host inside 10.10.10.2

-KS



















I was wondering also if there is a way to send only specific log messages (defined by the logging list) to one server while still sending the rest to another syslog server?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: