Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA Active/Standby to CS-MARS

Hello everyone.

I know this topic has been discussed previously:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1ddb520d/4#selected_message

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=General&topicID=.ee6e1f8&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1ddee936

but, I have an additional question/concern regarding this setup. I also currently have the ASA pairs configured where only the active is configured with both IPS added. This is fine. The problem I have is a potential to miss syslog information regarding failover in the case of the standby ASA thinking it needs to become active and the Active not knowing about it. This has happened due to a topology problem and it would have been helpful to have logs from the Standby ASA archived. I know I can't add it through a discover because of the name discrepancy, but I can add it as a device so that it receives logs from the ASA. An additional problem with this is that, since I can't discover it, it can't recognize the names, etc... being sent through syslog (objects, etc). Has anyone successfully added an ASA in this situation? If not, I think this would be a helpful feature.

Thank you,

Jeff Groesbeck

5 REPLIES

Re: ASA Active/Standby to CS-MARS

AFAIR ASA 8.x introduced different hostname for both faiover units, did you try that?

Regards

Farrukh

New Member

Re: ASA Active/Standby to CS-MARS

Hello.

I wasn't aware of this. I tried searching for this and was unsuccessful. Do you have a link I could look at for this?

Thank you,

Jeff

Re: ASA Active/Standby to CS-MARS

I'm sorry, I think I did not remember this correctly. I just went through the 8.x release notes and 8.0 Cisco TAC CTU training slides and could not locate such a feature. Maybe I was dreaming :)

Regards

Farrukh

New Member

Re: ASA Active/Standby to CS-MARS

That's OK. That would be a nice feature though. :)

Thanks,

Jeff

New Member

Re: ASA Active/Standby to CS-MARS

I would say that you can just have the failover asa send syslog to mars then sort through the "unknown reporting device" logs looking for the ip of that asa. Or you can setup a syslog daemon on another computer and have it record the syslogs there.

195
Views
0
Helpful
5
Replies
CreatePlease to create content