02-20-2011 11:32 PM - edited 03-11-2019 12:53 PM
Hi experts.........
I would like to take a log backup on the ASA, and I would like to check whether any attack pattern is there. How could I do this?
Also, how could I follow best practice for this?
Thanks&Regards
Vipin
02-21-2011 12:08 AM
Hello Vipin,
To achieve the same you can send syslogs from the ASA to an external server. You can either use freeware/third-party solutions or Cisco MARS to do the needful.
Hope this helps. Please reply if you need further assistance.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
02-21-2011 12:16 AM
Vipin,
To add further, here is the configuration guide to configure Syslog Collector:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html#wp1118451
To do the same using ASDM, please refer to this document:
https://supportforums.cisco.com/docs/DOC-6114
In the past, I have used Kiwi (freeware), SolarWinds Orion & Cisco MARS (http://www.cisco.com/en/US/products/ps6241/index.html). Please understand these are just a few suggestions and not Cisco recommendations.
Hope this helps. Please reply if you need further assistance.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
02-21-2011 06:28 PM
csaxena wrote:
Vipin,
To add further, here is the configuration guide to configure Syslog Collector:
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html#wp1118451
To do the same using ASDM, please refer to this document:
https://supportforums.cisco.com/docs/DOC-6114
In the past, I have used Kiwi (freeware), SolarWinds Orion & Cisco MARS (http://www.cisco.com/en/US/products/ps6241/index.html). Please understand these are just a few suggestions and not Cisco recommendations.
Hope this helps. Please reply if you need further assistance.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
Hi Chirag
Thanks for your reply & sorry for my late reply.
Is Kiwi syslog server free? Did you work with any syslog servers? Please share that also, if any.
Thanks&Regards
Vipin Raj
02-21-2011 06:39 PM
This is the link for Kiwi Syslog Server :
http://www.solarwinds.com/products/freetools/kiwi_syslog_server/
I have worked on Orion, Kiwi and MARS, MARS being more extensive. Please let me know if you are looking for some specific information.
Hope this helps. Please reply if you need further assistance.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
02-21-2011 07:31 PM
csaxena wrote:
This is the link for Kiwi Syslog Server :
http://www.solarwinds.com/products/freetools/kiwi_syslog_server/
I have worked on Orion, Kiwi and MARS, MARS being more extensive. Please let me know if you are looking for some specific information.
Hope this helps. Please reply if you need further assistance.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
Hi Chirag,
Kiwi is free, right? I have Orion NPM; it is in our environment. What about MARS? Is it free or paid?
Thanks&Regards
Vipin
02-21-2011 07:56 PM
Hi Vipin,
Kiwi is a free syslog application. However, CISCO MARS is a paid service. MARS is the Monitoring, Analysis and Response System, which is a separate hardware in itself, which you will have to buy.
I have attached the link for MARS, it gives a brief overview on CISCO MARS.
Hope you find the link useful.
Regards,
Akhil
02-21-2011 07:57 PM
Hi Vipin,
Sorry, the link was not attached to the previous post:
http://www.cisco.com/en/US/products/ps6241/products_data_sheets_list.html
The above link provides a brief description on MARS.
02-21-2011 08:00 PM
Thanks Akhil for sharing the same. Vipin if you have Orion NPM then that should do the job for you.
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
02-21-2011 08:11 PM
Hi Akhil/Chirag,
Thanks for your reply.
Thanks
Vipin
02-21-2011 08:17 PM
You're welcome, Vipin. Please mark the post "Answered" for others to refer to it in future.
Regards,
Chirag
02-27-2011 07:49 PM
Hi
I am going to implement Kiwi syslog server in my organization.
Do I need to configure the level of logging to informational or error?
All I need is to back up logs and check for any attack pattern in ASA, so please suggest a suitable answer ASAP.
Thanks
Vipin
02-28-2011 12:36 AM
Hello Vipin,
Glad to hear that you're implementing this.
Here is a guide which talks about all the syslogging security levels and their descriptions.
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1082848
Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
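Added example (not part of any post in this thread, and not Cisco or Kiwi code): a short Python check of what the "informational or error" choice means for spotting attack patterns. It reads the severity digit in each `%ASA-<severity>-<id>` header and counts watched events per source address at a given logging level. The sample lines are constructed, and the set of watched message IDs is an assumption made for illustration.

```python
import re
from collections import Counter

# ASA logging level names and their numeric severities (0 is most severe).
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# ASA syslog messages carry "%ASA-<severity>-<message id>: <text>".
ASA_RE = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
# Source address as written in the deny / login-denied messages below.
SRC_RE = re.compile(r"(?:src \S+?:|from )(\d{1,3}(?:\.\d{1,3}){3})/")

# Assumption: message IDs this example treats as worth reviewing
# (106001/106023 = denied traffic, 605004 = denied management login).
WATCHED = {"106001", "106023", "605004"}

# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE_LOG = """\
Feb 28 2011 00:40:01 asa1 : %ASA-4-106023: Deny tcp src outside:203.0.113.7/40112 dst inside:192.0.2.10/22 by access-group "outside_in" [0x0, 0x0]
Feb 28 2011 00:40:02 asa1 : %ASA-4-106023: Deny tcp src outside:203.0.113.7/40113 dst inside:192.0.2.10/23 by access-group "outside_in" [0x0, 0x0]
Feb 28 2011 00:40:05 asa1 : %ASA-6-605004: Login denied from 203.0.113.7/51000 to outside:192.0.2.1/ssh for user "admin"
Feb 28 2011 00:40:09 asa1 : %ASA-6-302013: Built inbound TCP connection 77 for outside:203.0.113.7/40200 (203.0.113.7/40200) to inside:192.0.2.10/80 (192.0.2.10/80)
Feb 28 2011 00:41:00 asa1 : %ASA-2-106001: Inbound TCP connection denied from 198.51.100.9/3321 to 192.0.2.10/445 flags SYN on interface outside
this line is not an ASA message
"""

def parse(line):
    """Return severity, message id and source address, or None if not ASA."""
    m = ASA_RE.search(line)
    if not m:
        return None
    src = SRC_RE.search(m["text"])
    return {"sev": int(m["sev"]), "id": m["id"],
            "src": src.group(1) if src else None}

def suspicious_sources(log_text, trap_level):
    """Count watched events per source that the ASA would send at trap_level."""
    limit = LEVELS[trap_level]  # the ASA sends this level and anything more severe
    hits = Counter()
    for line in log_text.splitlines():
        ev = parse(line)
        if ev and ev["sev"] <= limit and ev["id"] in WATCHED and ev["src"]:
            hits[ev["src"]] += 1
    return hits

if __name__ == "__main__":
    for level in ("errors", "warnings", "informational"):
        print(level, dict(suspicious_sources(SAMPLE_LOG, level)))
```

On this sample, the "errors" level never delivers the access-list denies (severity 4) or the denied login (severity 6) to the syslog server, so they cannot be backed up or reviewed there.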