Best practice for log configuration and backup in ASA5505

Answered Question
Feb 20th, 2011

Hi experts,

I would like to take a log backup on the ASA, and I would like to check whether any attack pattern is there. How could I do this?

Also, how could I follow best practice for this?

Thanks & Regards

Vipin

csaxena Mon, 02/21/2011 - 00:08

Hello Vipin,

To achieve the same, you can send syslogs from the ASA to an external server. You can either use freeware/third-party solutions or Cisco MARS to do the needful.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag

P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

Correct Answer
csaxena Mon, 02/21/2011 - 00:16

Vipin,

To add further, here is the configuration guide to configure Syslog Collector:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html#wp1118451

To do the same using ASDM, please refer to this document:

https://supportforums.cisco.com/docs/DOC-6114

In the past, I have used Kiwi (freeware), SolarWinds Orion & Cisco MARS (http://www.cisco.com/en/US/products/ps6241/index.html). Please understand these are just a few suggestions and not Cisco recommendations.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

vipinrajrc Mon, 02/21/2011 - 18:28

Hi Chirag

Thanks for your reply & sorry for my late reply.

Is Kiwi syslog server free? Did you work with any syslog servers? Please share that also, if any.

Thanks & Regards

Vipin Raj

csaxena Mon, 02/21/2011 - 18:39

This is the link for Kiwi Syslog Server :

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/

I have worked on Orion, Kiwi and MARS, MARS being more extensive. Please let me know if you are looking for some specific information.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

vipinrajrc Mon, 02/21/2011 - 19:31

Hi Chirag,

Kiwi is free, right? I have Orion NPM; it is in our environment. What about MARS? Is it free or paid?

Thanks & Regards

Vipin

akhb Mon, 02/21/2011 - 19:56

Hi Vipin,

Kiwi is a free syslog application. However, Cisco MARS is a paid service. MARS is the Monitoring, Analysis and Response System, which is a separate piece of hardware in itself, which you will have to buy.

I have attached the link for MARS; it gives a brief overview of Cisco MARS.

Hope you find the link useful.

Regards,

Akhil

csaxena Mon, 02/21/2011 - 20:00

Thanks, Akhil, for sharing the same. Vipin, if you have Orion NPM, then that should do the job for you.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

csaxena Mon, 02/21/2011 - 20:17

You're welcome, Vipin. Please mark the post "Answered" for others to refer to it in future.

Regards,
Chirag

vipinrajrc Sun, 02/27/2011 - 19:49

Hi

I am going to implement Kiwi syslog server in my organization.

Do I need to configure the level of logging to informational or error?

All I need is to back up logs and check for any attack pattern in the ASA, so please suggest a suitable answer ASAP.

Thanks

Vipin
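
Added example, not part of any post in this thread and not Cisco's code: Python that reads ASA messages as an external syslog server stores them, shows which of them reach the server at the errors, warnings and informational trap levels, and counts repeated ACL denies (106023) and denied logins (605004) per source. The log lines, hostname and addresses are constructed, and the function names and the threshold of three hits are assumptions.

```python
import re
from collections import Counter

# ASA severity names and numbers; "logging trap <name>" forwards that
# severity and every lower-numbered (more severe) one.
SEVERITY = {"errors": 3, "warnings": 4, "informational": 6}

MSG = re.compile(r"%ASA-(\d)-(\d{6}): (.*)")
PATTERNS = {  # message id -> regex capturing the source address
    "106023": re.compile(r"Deny \w+ src \S+?:([\d.]+)/\d+ dst "),
    "605004": re.compile(r"Login denied from ([\d.]+)/\d+ to "),
}

# Constructed sample in the shape a syslog server stores ASA messages;
# the hostname and addresses (documentation ranges) are made up.
SAMPLE_LOG = """\
Feb 27 19:40:01 asa5505 %ASA-6-302013: Built inbound TCP connection 1001 for outside:198.51.100.20/40112 (198.51.100.20/40112) to inside:10.0.0.5/80 (192.0.2.5/80)
Feb 27 19:40:05 asa5505 %ASA-4-106023: Deny tcp src outside:203.0.113.7/40200 dst inside:10.0.0.5/22 by access-group "outside_access_in" [0x0, 0x0]
Feb 27 19:40:06 asa5505 %ASA-4-106023: Deny tcp src outside:203.0.113.7/40201 dst inside:10.0.0.5/23 by access-group "outside_access_in" [0x0, 0x0]
Feb 27 19:40:07 asa5505 %ASA-4-106023: Deny tcp src outside:203.0.113.7/40202 dst inside:10.0.0.5/3389 by access-group "outside_access_in" [0x0, 0x0]
Feb 27 19:40:09 asa5505 %ASA-4-106023: Deny udp src outside:198.51.100.20/5353 dst inside:10.0.0.9/161 by access-group "outside_access_in" [0x0, 0x0]
Feb 27 19:41:00 asa5505 %ASA-3-710003: TCP access denied by ACL from 203.0.113.7/40300 to outside:192.0.2.1/23
Feb 27 19:42:10 asa5505 %ASA-6-605004: Login denied from 203.0.113.9/51001 to outside:192.0.2.1/ssh for user "admin"
Feb 27 19:42:14 asa5505 %ASA-6-605004: Login denied from 203.0.113.9/51002 to outside:192.0.2.1/ssh for user "admin"
Feb 27 19:42:19 asa5505 %ASA-6-605004: Login denied from 203.0.113.9/51003 to outside:192.0.2.1/ssh for user "root"
"""

def parse(log_text):
    """Return (severity, message_id, text) for every ASA message found."""
    return [(int(m[1]), m[2], m[3]) for m in MSG.finditer(log_text)]

def forwarded(events, level_name):
    """Messages the ASA would send with 'logging trap <level_name>'."""
    limit = SEVERITY[level_name]
    return [e for e in events if e[0] <= limit]

def suspicious_sources(events, min_hits=3):
    """Sources with repeated ACL denies (106023) or denied logins (605004)."""
    hits = Counter()
    for _sev, msg_id, text in events:
        rx = PATTERNS.get(msg_id)
        m = rx.search(text) if rx else None
        if m:
            hits[(m[1], msg_id)] += 1
    return {key: n for key, n in hits.items() if n >= min_hits}
```

At the errors level neither the ACL denies (severity 4) nor the denied logins (severity 6) reach the syslog server, so the check has nothing to count.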

This Discussion

Posted February 20, 2011 at 11:32 PM