cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16565
Views
0
Helpful
18
Replies

ASA Firewall Logs

aryarahul
Level 1
Level 1

Hi ,

How can i store the logs of ASA firewall to an external desktop or a server ?

I need to report these logs regulary to the customer.

1 Accepted Solution

Accepted Solutions

Try with just    " / "   in the path, because the filezilla already share the entire path, you just configure the asdm/asa-cli with the root path.

View solution in original post

18 Replies 18

Marvin Rhoads
Hall of Fame
Hall of Fame

You need to have a server running a syslog daemon (or ftp server). Then configure that server's IP address as the destination for your ASA's log messages.

You can do the latter from the command line or ASDM GUI, depending on your preference. The configuration guides for the ASA tell you how step-by-step. They are all posted here.

Specifically, see this section for the setup with ASDM 6.4.

Thanks for the reply,

I have done the settings through ASDM but just have one confusion , what should be written in the path field

suppose the ip of my ftp server is 10.10.10.10 and i need to store the logs in a folder named LOG which is placed on the desktop of the server then what shud go in the path field ??

Create a user on the FTP server whose home directory is that LOG folder and then no path needs to be specified.

Alternatively, you can specifiy it as shown in the CLI configuration guide:

logging ftp-server server path username password

Example:

hostname(config)# logging ftp-server 10.1.1.1 /syslogs logsupervisor 1luvMy10gs

The above command identifies the FTP server on which you want to store log buffer content. The server argument specifies the IP address of the external FTP server. The path argument specifies the directory path on the FTP server where the log buffer data is to be saved. This path is relative to the FTP root directory. The username argument specifies a username that is valid for logging into the FTP server. The password argument indicates the password for the username specified.

Still no luck ...

i created a user in ftp assigned tht folder LOG as the root or home directory for it.

in ASDM i gave tha path to the server but still no luck :\

find in google kiwi syslog, download it and install

in asa make so

conf t

logging enable

logging timestamp

logging console debugging

logging buffered debugging

logging trap informational

logging asdm informational

logging host inside 192.168.a.b

wr

and dont forget to rate post

Well now i am getting somewhere , Firewall is able to communicate with the ftp server but these messages are being displayed

000069)5/25/2012 12:10:43 PM - cisco (192.168.100.1)> STOR ftp:\\192.168.x.x\Desktop\logs/LOG-2012-05-25-121337.TXT

(000069)5/25/2012 12:10:43 PM - cisco (192.168.100.1)> 550 Filename invalid

(000069)5/25/2012 12:10:43 PM - cisco (192.168.100.1)> QUIT

probably fw has not privilege to create file in ftp directory. check it manually.

I see a front slash instead of a backslash in your path preceding the filename. That may be a contributing factor.

i have tried changing tht too...still no success

You may be running into a limitation of your ftp server software. What is your ftp server software?

Have you tried a test of manually creating a file with that name and doing an FTP PUT to upload it and see if it works?

I am using Filezilla..

Have you verified manually that you can copy a file using ftp from your ASA to your server?

For example:

copy disk0:/running-config  ftp://[user[:password]@]server/[path/]filename

Put in your server's IP address in place of "server".

yeah.. it worked

manually i am able to copy files into the root directory.

Can it be the case that the format in which  the ASA saves it log files has some issue ?

STOR ftp://192.168.x.x/LOG-2013-02-25-122705.TXT

(000072)2/25/2013 12:33:07 PM - cisco (192.168.100.1)> 550 Filename invalid

Any help ???

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco