Cisco Support Community

New Member

Syslog Server in ASA

Hi Friends,

We are using an ASA 5510 (ASA 9.1 and ASDM 7.5).

We want to get alerts/logs if any changes are made or any issue occurs on the firewall.

For this we need to configure a syslog server. Please advise, with configuration, what kind of syslog server is required.

We prefer not to install third-party software like Kiwi and the like. What is the configuration on the ASA for this, and is any particular PC required for it?

Thanks & Regards,

Srinivas. N

 

5 REPLIES
Cisco Employee

Srinivas,

You can have your choice of syslog server: it can be free third-party software, which can be configured on a laptop, or it can be a specific paid one.

All the Cisco firewall does is forward logging information to the syslog server.

The syslog configuration can be seen at:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/monitor_syslog.html#pgfId-1552182

You can even read more about the same in the same link starting from "Configuring Logging".

Regards,

Pulkit Saxena

New Member

Hi Pulkit Saxena,

Thanks for the update. We just want to get modification and login alerts only... how do we modify the severity_level for this?

Thanks,

Srinivas. 

Hall of Fame Super Silver

First find the log messages you are interested in. Do this by turning the logging level to 6 (informational). Perform the login and modify actions and note the syslog message ID.

Then modify those message IDs to be higher priority (e.g. level 1 = alerts). Then set the logging level to level 1 (for example).

The syntax for changing the default level of a given log message is:

logging message message_ID level severity_level

...as explained further down in the same page linked earlier:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/monitor_syslog.html#93067

Cisco Employee

Srinivas,

As Marvin mentioned, we can modify the message IDs to be of higher priority.

Alternatively, you can create a logging list and use that to send logs to the syslog server.

logging list test123 message 609001-609002

logging trap test123

With the second command, only the logs which are part of logging list test123 will go to the syslogs.

You can verify this with the "show logging" output, which will show something like:

Trap logging: list test123, facility 20, 0 messages logged
Logging to inside 192.168.1.2

Here is a link which mentions the same:

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc18

Regards,

Pulkit Saxena
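
The two replies above (raise logging to informational, note the message IDs, then build a logging list) can be scripted on the collector side. The following is an added example, not code from the thread or from Cisco: it inventories the `%ASA-<severity>-<ID>` tags in captured lines and emits `logging list` / `logging trap` lines in the syntax shown above. The sample log lines are constructed, and the function names and the keyword filter are assumptions made for illustration.

```python
import re

# Constructed sample of collected ASA syslog lines (host, addresses and
# user names are made up for this example).
SAMPLE = """\
Jan 12 10:01:02 fw1 %ASA-6-605005: Login permitted from 192.168.1.50/51514 to inside:192.168.1.1/ssh for user "admin"
Jan 12 10:01:40 fw1 %ASA-5-111008: User 'admin' executed the 'logging enable' command.
Jan 12 10:02:11 fw1 %ASA-6-302013: Built inbound TCP connection 4711 for inside:192.168.1.50/51600 (192.168.1.50/51600) to identity:192.168.1.1/443 (192.168.1.1/443)
Jan 12 10:03:05 fw1 %ASA-6-605004: Login denied from 192.168.1.77/40022 to inside:192.168.1.1/ssh for user "root"
Jan 12 10:03:30 fw1 %ASA-5-111008: User 'admin' executed the 'write memory' command.
"""

# %ASA-<severity>-<message ID>: <text>
TAG = re.compile(r"%ASA-(\d)-(\d{6}): (.*)")

def inventory(text):
    """Return {message_id: {'level', 'count', 'example'}} in first-seen order."""
    seen = {}
    for line in text.splitlines():
        m = TAG.search(line)
        if not m:
            continue  # skip lines without an ASA message tag
        entry = seen.setdefault(
            m.group(2), {"level": int(m.group(1)), "count": 0, "example": m.group(3)})
        entry["count"] += 1
    return seen

def select_ids(inv, keywords):
    """IDs whose example text contains any keyword (case-insensitive)."""
    kws = [k.lower() for k in keywords]
    return sorted(i for i, e in inv.items()
                  if any(k in e["example"].lower() for k in kws))

def logging_list_commands(name, ids):
    """Build 'logging list' lines for the chosen IDs plus 'logging trap'."""
    return [f"logging list {name} message {i}" for i in ids] + [f"logging trap {name}"]

if __name__ == "__main__":
    inv = inventory(SAMPLE)
    for msg_id, e in inv.items():
        print(f"{msg_id} level={e['level']} count={e['count']} {e['example'][:50]}")
    # Keywords chosen by eye from the inventory above (an assumption).
    for cmd in logging_list_commands("test123", select_ids(inv, ["login", "executed"])):
        print(cmd)
```

Review the printed inventory before pasting the generated lines into the ASA; the keyword match only narrows the candidate IDs.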

Bronze

Hi

You should take into account the amount of space required to keep these logs (to choose the HDD; other things such as CPU and RAM do not matter much for logging one device). I use a UNIX-like free OS with rsyslog on board. Configuration is rather simple; if you need assistance, I could help.
