Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
518
Views
0
Helpful
3
Replies

Syslog from ASA

suthomas1
Level 6
Level 6

‎12-06-2009 06:07 PM - edited ‎03-11-2019 09:45 AM

I have an ASA which has been configured with forwarding all logs to an external attached Syslog server. default udp is being used to have this work. Requirement is to have the firewall log all traffic to this syslog server. But somehow it doesnt seem to work.

Syslog server doesnt seem to receive any logs. I am in a dilemma as to how this should be checked on the firewall.

When we say ASA should log all traffic to this server, which interface will it use to forward traffic to syslog and whether i should have specific rules on this interface to do so. Is there a way we can see whether the traffic is passing from firewall to syslog or not?

Following are the interfaces on the ASA with security level:


Inside - Level 100

dmz servers - 20

subsidary - 50

Outside - 0


This syslog server is connected on the subsidary interface.

Current configuration is:  logging host inside 192.168.100.11

Please suggest.


Thank You.

Labels:
0 Helpful
3 Replies 3

chaitu_kranthi
Level 1
Level 1

‎12-06-2009 07:55 PM

Hi,

We have to specify that using which interface that traffic has to pass. other wise it won't send the log information to syslog server.

below mentioned is the sample configuration, try with this one and let me know if you have any issue.

logging enable
logging timestamp
logging standby
logging buffer-size 125000
logging console alerts
logging buffered notifications
logging trap notifications
logging asdm notifications
logging facility 22
logging device-id hostname
logging host inside X.X.X.X (inside is the nothing but interface name of the inside interface)

0 Helpful

suthomas1
Level 6
Level 6
In response to chaitu_kranthi

‎12-07-2009 02:17 AM

Thanks,

I did try with the same config. But, the server is connected off subsidary interface and i have given "inside" interface in the login command.

Could that cause any issues or do i need any specific rules to get this working.


Appreciate your help.

0 Helpful

Conor Cunningham
Level 1
Level 1
In response to suthomas1

‎12-07-2009 05:17 AM

G'day,

I would recommend using the subsidary interface in your command as that is where your syslog server resides.

So, try

no logging host inside 192.168.100.11

logging host subsidary 192.168.100.11

Cheers,

Conor

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card