Cisco Support Community
New Member

Need information on logging ASA5505

Hello,

I need to learn about logging and viewing the logs on an ASA5505. I am new to this - in general, I think logging means to track all traffic inbound to the firewall and then save it somewhere so I can look at it to see what is going on. Can someone explain the theory to me? Like what information I should be watching for?

 

Thanks

1 ACCEPTED SOLUTION
Hall of Fame Super Silver

I recommend you have a listen to the TAC Security Podcast #32. It had an excellent talk all about ASA syslogs and how to use them. You can find it (and all the other episodes) here.

Syslogs are much more than just connection and access-list records, although they can include those too. You basically set severity levels you are interested in and send the logs to a log server where they are archived and searchable (and perhaps set up to take certain action such as alerting an admin if something goes wrong).

Many people set their logging level too high and then proceed to not use the syslog since a firewall with logging level 6 will create a message for every single TCP session establishment and teardown. That can often mean hundreds of thousands or even millions of messages per day.

If you want an overview of the logging levels and how to set up logging in general, refer to this section of the configuration guide.
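
An added example, not part of the reply above and not Cisco's code, showing the volume effect it describes: the script reads the severity and message ID from each `%ASA-<severity>-<ID>` header and counts what a destination set to a given level would receive. The log lines, the hostname `fw` and all addresses are constructed sample data.

```python
import re
from collections import Counter

# ASA message header: %ASA-<severity 0-7>-<6-digit message ID>: <text>
ASA_MSG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE = """\
Jan 10 09:00:01 fw %ASA-6-302013: Built outbound TCP connection 101 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.168.1.20/51000 (203.0.113.2/51000)
Jan 10 09:00:02 fw %ASA-6-302013: Built outbound TCP connection 102 for outside:198.51.100.9/80 (198.51.100.9/80) to inside:192.168.1.21/51001 (203.0.113.2/51001)
Jan 10 09:00:03 fw %ASA-6-302014: Teardown TCP connection 101 for outside:198.51.100.7/443 to inside:192.168.1.20/51000 duration 0:00:02 bytes 5120 TCP FINs
Jan 10 09:00:04 fw %ASA-6-302014: Teardown TCP connection 102 for outside:198.51.100.9/80 to inside:192.168.1.21/51001 duration 0:00:02 bytes 812 TCP FINs
Jan 10 09:00:05 fw %ASA-4-106023: Deny tcp src outside:203.0.113.50/40000 dst inside:192.168.1.20/3389 by access-group "outside_in" [0x0, 0x0]
Jan 10 09:00:06 fw %ASA-5-111008: User 'enable_15' executed the 'configure terminal' command.
Jan 10 09:00:07 fw %ASA-4-411002: Line protocol on Interface Ethernet0/1, changed state to down
""".splitlines()

def parse(lines):
    """Yield (severity, message_id, text) for each ASA message found."""
    for line in lines:
        m = ASA_MSG.search(line)
        if m:
            yield int(m["sev"]), m["id"], m["text"]

def volume_by_severity(lines):
    """Count messages per severity number."""
    return Counter(sev for sev, _, _ in parse(lines))

def volume_by_id(lines):
    """Count messages per message ID, to find the noisiest ones."""
    return Counter(msg_id for _, msg_id, _ in parse(lines))

def kept_at(lines, level):
    """Messages a destination set to `level` receives: severity <= level."""
    return [rec for rec in parse(lines) if rec[0] <= level]

if __name__ == "__main__":
    for sev, n in sorted(volume_by_severity(SAMPLE).items()):
        print(f"severity {sev} ({LEVELS[sev]}): {n} messages")
    print("noisiest IDs:", volume_by_id(SAMPLE).most_common(2))
    for level in (4, 5, 6):
        print(f"level {level} ({LEVELS[level]}) keeps {len(kept_at(SAMPLE, level))} of {len(SAMPLE)}")
```

Run against a real day of logs, the per-ID count shows which messages dominate the volume before you decide which level to send to the log server.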

3 REPLIES

New Member

Thank you for your fast response Marvin - I will start here :)

marvin,

 

this is great info! bookmarked!
