Best practice for log configuration and backup in ASA5505

vipinrajrc
Level 3

Hi experts,

I would like to take log backups on the ASA, and I would like to check whether any attack pattern is there. How could I do this?

Also, how could I follow best practice for this?

Thanks & Regards

Vipin

Thanks and Regards, Vipin
Accepted Solution

Vipin,

To add further, here is the configuration guide to configure Syslog Collector:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html#wp1118451

To do the same using ASDM, please refer to this document:

https://supportforums.cisco.com/docs/DOC-6114

In the past, I have used Kiwi (freeware), SolarWinds Orion & Cisco MARS (http://www.cisco.com/en/US/products/ps6241/index.html). Please understand these are just a few suggestions and not Cisco recommendations.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.


12 Replies

csaxena
Cisco Employee

Hello Vipin,

To achieve the same you can send syslogs from the ASA to an external server. You can either use freeware/third-party solutions or Cisco MARS to do the needful.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag

P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

Hi Chirag

Thanks for your reply & sorry for my late reply.

Is Kiwi syslog server free? Did you work with any syslog servers? Please share that also, if any.

Thanks & Regards

Vipin Raj

Thanks and Regards, Vipin

This is the link for Kiwi Syslog Server :

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/

I have worked on Orion, Kiwi and MARS, MARS being more extensive. Please let me know if you are looking for some specific information.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

Hi Chirag,

Kiwi is free, right? I have Orion NPM; it is in our environment. What about MARS? Is it free or paid?

Thanks & Regards

Vipin

Thanks and Regards, Vipin

Hi Vipin,

Kiwi is a free syslog application. However, Cisco MARS is a paid service. MARS is the Monitoring, Analysis and Response System, which is separate hardware in itself, which you will have to buy.

I have attached the link for MARS, it gives a brief overview on CISCO MARS.

Hope you find the link useful.

Regards,

Akhil

Hi Vipin,

Sorry, the link was not attached to the previous post,

http://www.cisco.com/en/US/products/ps6241/products_data_sheets_list.html

The above link provides a brief description on MARS.

Thanks Akhil for sharing the same. Vipin if you have Orion NPM then that should do the job for you.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

Hi Akhil/Chirag,

Thanks for your reply....

Thanks

Vipin

Thanks and Regards, Vipin

You're welcome, Vipin. Please mark the post "Answered" for others to refer to it in future.

Regards,
Chirag

Hi

I am going to implement Kiwi syslog server in my organization.

Do I need to configure the level of logging to informational or error?

All I need is to back up logs and check for any attack pattern in the ASA, so please suggest a suitable answer ASAP.

Thanks

Vipin

Thanks and Regards, Vipin

Hello Vipin,

Glad to hear that you're implementing this.

Here is a guide which talks about all the syslogging security levels and their descriptions.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1082848

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.
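An added example, not part of any post in this thread and not Cisco code: a Python sketch that scans ASA syslog lines stored by a collector for repeated ACL denies, and shows what the "informational" versus "error" choice asked about above does to that check. The sample lines, addresses and the threshold of 3 are constructed for illustration; ASA logs message 106023 at severity 4 and 302013 at severity 6.

```python
import re
from collections import Counter

# Constructed sample of lines as a syslog collector might store them.
SAMPLE = """\
Mar 03 10:15:01 192.0.2.1 %ASA-6-302013: Built inbound TCP connection 1201 for outside:198.51.100.7/40112 (198.51.100.7/40112) to inside:192.168.1.10/443 (192.168.1.10/443)
Mar 03 10:15:02 192.0.2.1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51234 dst inside:192.168.1.10/22 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 10:15:02 192.0.2.1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51235 dst inside:192.168.1.10/23 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 10:15:03 192.0.2.1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51236 dst inside:192.168.1.10/3389 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 10:15:03 192.0.2.1 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51237 dst inside:192.168.1.10/445 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 10:15:09 192.0.2.1 %ASA-4-106023: Deny udp src outside:198.51.100.20/5353 dst inside:192.168.1.10/53 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 10:15:12 192.0.2.1 %ASA-3-710003: TCP access denied by ACL from 203.0.113.5/51300 to outside:192.0.2.1/22
Mar 03 10:15:13 collector syslogd: restart
"""

# ASA severity keywords and their numeric levels (lower number = more severe).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

MSG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
DENY_SRC = re.compile(r"Deny \S+ src \S+?:(?P<ip>[\d.]+)/\d+")

def parse(lines):
    """Yield (severity, message_id, text) for every ASA message; skip other lines."""
    for line in lines:
        m = MSG.search(line)
        if m:
            yield int(m["sev"]), m["id"], m["text"]

def kept_at(records, level):
    """Records that would still be sent if the logging level were `level`."""
    limit = SEVERITY[level]
    return [r for r in records if r[0] <= limit]

def deny_sources(records, threshold=3):
    """Source IPs with at least `threshold` access-group denies (message 106023)."""
    hits = Counter()
    for sev, msg_id, text in records:
        m = DENY_SRC.search(text) if msg_id == "106023" else None
        if m:
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    records = list(parse(SAMPLE.splitlines()))
    for level in ("errors", "informational"):
        kept = kept_at(records, level)
        print(level, len(kept), "messages; repeated deny sources:", deny_sources(kept))
```

At the "errors" level the severity 4 deny messages never reach the collector, so the repeated-deny check has nothing to work with; at "informational" it sees them, along with the connection build messages.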
