SA520 Syslog accounting?

Answered Question
Jul 30th, 2010

I can't seem to get a straight answer from techsupport. Does anyone know how to turn on accounting on the SA520?  I need that data for my network management software.

Also, does anyone know when the next firmware upgrade is coming out?  There are some bothersome issues that I haven't received a credible response on for over a week now that need to be fixed. If I can't get these fixed - I'm going to have to look at other devices.

Finally - how can we find out what is going to be fixed in the next release?

-=Clark

I have this problem too.
0 votes
Correct Answer by Steven DiStefano about 6 years 4 months ago

Hi Again,

I also spoke to the Product Manager, and he is very intrested in contacting you directly with the Development Team to understand the use cases.  He said they will use your contact info from the case, if thats OK with you?

When we are done, I can summarize what transpired in this thread with you.

Steve

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman","serif";}

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Steven DiStefano Fri, 07/30/2010 - 14:22

Sa520 can send SYSLOGS on UDP port 514 to a server in the NOC as far

as I know. Are you trying to figure out how to turn this on? That is

on the admin guide I am sure.

Do you have a case # to share someone may be able to follow up on the

details. I not famaliar with what you mean by accounting? Is that

like an audit trail of access?

Release note will be distributed when the new FW is released. I don't

think many people, except the QA test team, really have an idea on

when they will be done based on what they are finding. It would not

be smart to promise dates for that reason. But that doc will specify

all closed bugs as and remaining known issues.

On Jul 30, 2010, at 4:55 PM, "clarkboyd"

clarkboyd Fri, 07/30/2010 - 14:46

I have the logging going to my syslog server just fine.  However, it doesn't include any packet sizes that is utilized to make percentages of various types of traffic per protocol.

Here's an entry - UID=0 [firewall] LOG_PACKET[ALLOW] IN=SELF OUT=LAN SRC=192.168.75.1 DST=192.168.75.10 PROTO=TCP SPT=443 DPT=56410  Component: KERNEL

But no packet size!

Cisco case #614981329.  Bluntly put - I have NEVER had this much trouble bringing a Cisco device online. The level of frustration may soon be insurmountable.

Is there at least a generic date on when it will be out?!?  I'm at a crossroads - the SA520 is not adequate for my business needs and I can wait several weeks for a fix. However, if we're talking months - I need to evaluate other equipment.

What I like about the SA520:

  1. It's Cisco ..  and rack mountable
  2. Rack mountable
  3. Inexpensive URL filtering

What I dislike about the SA520:

  1. Logging is not up to Cisco standards. [CRITICAL]
  2. Web user interface with no CL available
  3. Redirect screen for the URL filtering is more of a TREND MICRO advertisement
  4. Redirect screen for the URL filtering is not configurable.
  5. The OIDs in SNMP seem to be off and don't always work.

If Cisco can fix the logging - I can wait for the other items.

-=Clark

Steven DiStefano Fri, 07/30/2010 - 14:53

I will help you with this. I am home already (looooong week). Can we

pick this up Monday?

Steve DiStefano

Technology Solutions Architect - Sales

Cisco Systems

Research Triangle Park

North Carolina, U.S.A

1.919.392.6219

www.cisco.com/smb

On Jul 30, 2010, at 5:47 PM, "clarkboyd"

clarkboyd Fri, 07/30/2010 - 15:32

Sure.  Monday would be fine.

Hopefully, we can at least get the logging issued squared away.;

-=Clark

Steven DiStefano Mon, 08/02/2010 - 08:02

Clark,

I have asked the Engineering team for feedback on the logging issue.

I also read your case.

What FW are you currently running?

Steve

Correct Answer
Steven DiStefano Mon, 08/02/2010 - 12:53

Hi Again,

I also spoke to the Product Manager, and he is very intrested in contacting you directly with the Development Team to understand the use cases.  He said they will use your contact info from the case, if thats OK with you?

When we are done, I can summarize what transpired in this thread with you.

Steve

/* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman","serif";}

clarkboyd Mon, 08/02/2010 - 21:34

Yes, that will be fine if he would like to chat on the phone.  Preferably late in the afternoon or early evening.   Meetings all morning tomorrow morning and SOX testing in the afternoon.  I can put the SOX stuff on hold to talk easier than I can skip out of a meeting.  hehe...

-=Clark

Actions

This Discussion