Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Syslog from ASA

I have an ASA which has been configured with forwarding all logs to an external attached Syslog server. default udp is being used to have this work. Requirement is to have the firewall log all traffic to this syslog server. But somehow it doesnt seem to work.

Syslog server doesnt seem to receive any logs. I am in a dilemma as to how this should be checked on the firewall.

When we say ASA should log all traffic to this server, which interface will it use to forward traffic to syslog and whether i should have specific rules on this interface to do so. Is there a way we can see whether the traffic is passing from firewall to syslog or not?

Following are the interfaces on the ASA with security level:


Inside - Level 100

dmz servers - 20

subsidary - 50

Outside - 0


This syslog server is connected on the subsidary interface.

Current configuration is:  logging host inside 192.168.100.11

Please suggest.


Thank You.

3 REPLIES
Community Member

Re: Syslog from ASA

Hi,

We have to specify that using which interface that traffic has to pass. other wise it won't send the log information to syslog server.

below mentioned is the sample configuration, try with this one and let me know if you have any issue.

logging enable
logging timestamp
logging standby
logging buffer-size 125000
logging console alerts
logging buffered notifications
logging trap notifications
logging asdm notifications
logging facility 22
logging device-id hostname
logging host inside X.X.X.X (inside is the nothing but interface name of the inside interface)

Community Member

Re: Syslog from ASA

Thanks,

I did try with the same config. But, the server is connected off subsidary interface and i have given "inside" interface in the login command.

Could that cause any issues or do i need any specific rules to get this working.


Appreciate your help.

Community Member

Re: Syslog from ASA

G'day,

I would recommend using the subsidary interface in your command as that is where your syslog server resides.

So, try

no logging host inside 192.168.100.11

logging host subsidary 192.168.100.11

Cheers,

Conor

257
Views
0
Helpful
3
Replies
CreatePlease to create content