Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Syslog over TCP?

Hi all,

Does anyone know if the MARS can accept syslog over TCP? The issue is that I want the ASA to stop making new connections in case the connection is lost to the MARS.

Thanks in advance!

Regards,

Jesper

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Syslog over TCP?

The configuration on MARS is in the bottom of the table located at:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chAsa8x.html#wp1053993

And yes, SECURE is the key word needed, but only works if you specify TCP.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1751719

6 REPLIES
Cisco Employee

Re: Syslog over TCP?

For the ASA:

MARS release 4.x and 5.x support syslog over UDP.

Release 6.x supports Syslog over UDP and Secure Syslog on TCP

It does not support unsecured syslog on TCP.

New Member

Re: Syslog over TCP?

Hi,

Thank you very much for the answer.

Does the optional 'secure' keyword in the 'logging host' command in ASA 8.x enable the same secure syslog that is supported in MARS release 6.x?

Cisco Employee

Re: Syslog over TCP?

The configuration on MARS is in the bottom of the table located at:

http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/device/configuration/guide/chAsa8x.html#wp1053993

And yes, SECURE is the key word needed, but only works if you specify TCP.

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1751719

New Member

Re: Syslog over TCP?

add'l related question - can Snare use this same secure syslog protocol to talk to MARS?

Cisco Employee

Re: Syslog over TCP?

No. Secure Syslog is only supported from the ASA.

New Member

Re: Syslog over TCP?

thanks rajett - so as I understand it, MARS will only listen for syslog on udp 514 in R6, with the exception being ASA which uses secure syslog?

thanks for the prompt replies

873
Views
5
Helpful
6
Replies
CreatePlease to create content