Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Best practise for log configuratin and backup in ASA5505

Hi experts.........

I like to take log backup in ASA.. and i like to check whether any attack pattern is there?? how could i do this...???

Also how could i do a best practise for this???

Thanks&Regards

Vipin

Thanks and Regards, Vipin
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Best practise for log configuratin and backup in ASA5505

Vipin,

To add further, here is the configuration guide to configure Syslog Collector:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html#wp1118451

To the same using ASDM, please refer to this document:

https://supportforums.cisco.com/docs/DOC-6114

In past, i have used Kiwi(freeware), Solar Winds Orion & Cisco MARS(http://www.cisco.com/en/US/products/ps6241/index.html). Please understand these just a few suggestions and not Cisco recommendations

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do.rate helpful posts.

12 REPLIES
Cisco Employee

Re: Best practise for log configuratin and backup in ASA5505

Hello Vipin,

To acheive the same you can send syslogs from the ASA to an external server. You can either us freeware/third party solutions or Cisco MARS to do the needful.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag

P.S.: Please mark this thread as answered if you feel your query is answered. Do.rate helpful posts.

Cisco Employee

Re: Best practise for log configuratin and backup in ASA5505

Vipin,

To add further, here is the configuration guide to configure Syslog Collector:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html#wp1118451

To the same using ASDM, please refer to this document:

https://supportforums.cisco.com/docs/DOC-6114

In past, i have used Kiwi(freeware), Solar Winds Orion & Cisco MARS(http://www.cisco.com/en/US/products/ps6241/index.html). Please understand these just a few suggestions and not Cisco recommendations

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do.rate helpful posts.

New Member

Re: Best practise for log configuratin and backup in ASA5505

csaxena wrote:

Vipin,

To add further, here is the configuration guide to configure Syslog Collector:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_nsel.html#wp1118451

To the same using ASDM, please refer to this document:

https://supportforums.cisco.com/docs/DOC-6114

In past, i have used Kiwi(freeware), Solar Winds Orion & Cisco MARS(http://www.cisco.com/en/US/products/ps6241/index.html). Please understand these just a few suggestions and not Cisco recommendations

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do.rate helpful posts.

Hi Chirag

Tanks for your reply & sorry for my late reply.

Is kiwi syslog server is free????? Did you work with any of syslog servers??? please share that also if any..........

Thanks&Regards

Vipin Raj

Thanks and Regards, Vipin
Cisco Employee

Re: Best practise for log configuratin and backup in ASA5505

This is the link for Kiwi Syslog Server :

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/

I have worked on Orion, Kiwi and MARS. MARS being more extensive. Please let me know if you looking forward for some specific information.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

New Member

Re: Best practise for log configuratin and backup in ASA5505

csaxena wrote:

This is the link for Kiwi Syslog Server :

http://www.solarwinds.com/products/freetools/kiwi_syslog_server/

I have worked on Orion, Kiwi and MARS. MARS being more extensive. Please let me know if you looking forward for some specific information.

Hope this helps. Please reply if you need further assistance.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

Hi Chirag,

Kiwi is free right?? I have orion NPM.. it is in our environment.... what about MARS?? is it free or paid???

Thanks&Regards

Vipin

Thanks and Regards, Vipin
New Member

Re: Best practise for log configuratin and backup in ASA5505

Hi Vipin,

Kiwi is a free syslog application. However CISCO MARS is a paid service.MARS is Monitoring, Analysis and Response system, which is a separate hardware in itself, which you will have to buy.

I have attached the link for MARS, it gives a brief overview on CISCO MARS.

Hope you find the link useful.

Regards,

Akhil

New Member

Re: Best practise for log configuratin and backup in ASA5505

Hi Vipin,

Sorry the link was not attched to the pervious post,

http://www.cisco.com/en/US/products/ps6241/products_data_sheets_list.html

The above link provides a brief description on MARS.

Cisco Employee

Re: Best practise for log configuratin and backup in ASA5505

Thanks Akhil for sharing the same. Vipin if you have Orion NPM then that should do the job for you.

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

New Member

Re: Best practise for log configuratin and backup in ASA5505

Hi Akhil/Chiraj,

Thanks for your reply....

Thanks

Vipin

Thanks and Regards, Vipin
Cisco Employee

Re: Best practise for log configuratin and backup in ASA5505

Your welcome Vipin. Please mark the post "Answered" for other to refer it in future.

Regards,
Chirag

New Member

Re: Best practise for log configuratin and backup in ASA5505

Hi

I am going to implement Kiwi syslog server in my organization.

Do i need to configure levelof logging to ---> informational or error ?????????????

All i need to backup logs and check for any attack pattern in ASA.......... so please suggest a suitable answer............ASAP...

Thanks

Vipin

Thanks and Regards, Vipin
Cisco Employee

Re: Best practise for log configuratin and backup in ASA5505

Hello Vipin,

Glad to hear that your implementing this.

Here is guide which talks about all the syslogging security levels and its description.

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html#wp1082848

Regards,
Chirag
P.S.: Please mark this thread as answered if you feel your query is answered. Do rate helpful posts.

1162
Views
30
Helpful
12
Replies