https://community.cisco.com/t5/network-security/syslog-server/m-p/3231864#M1012835 <P>There is another option for your situation, use the <STRONG>logging flash-bufferwrap</STRONG> command. This will save the existing buffer before it begins to be overwritten with new logs, to the internal flash.</P> <P>You could then use a script to periodically scrap these .TXT files off the ASA and delete them when completed.</P> <P>Your next challenge would to then inject these logs into your syslog server...?</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Wed, 13 Dec 2017 20:16:12 GMT Seb Rupik 2017-12-13T20:16:12Z https://community.cisco.com/t5/network-security/syslog-server/m-p/3227270#M1012831 <P>Hi Guys,</P> <P>&nbsp;</P> <P>I would like to configure our ASA firewall to send all it's logs to a syslog server. Does anyone know of a good syslog server which I can use? Any help would be greatly appreciated.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Lake</P> Fri, 21 Feb 2020 14:54:27 GMT https://community.cisco.com/t5/network-security/syslog-server/m-p/3227270#M1012831 Lake 2020-02-21T14:54:27Z https://community.cisco.com/t5/network-security/syslog-server/m-p/3227670#M1012832 <P>Hi there,</P> <P>At the most simple end of the spectrum, just configure a syslog service on a BSD/ Linux box. This setup would require a little effort to search and parse the logs once collected.</P> <P>At the other end take a look at graylog: <A href="https://www.graylog.org/" target="_blank">https://www.graylog.org/</A> . This is slightly more complicated to setup, but search the logs is a breeze!</P> <P>&nbsp;</P> <P>...both are free and should provide you with what you need.</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Wed, 06 Dec 2017 09:05:23 GMT https://community.cisco.com/t5/network-security/syslog-server/m-p/3227670#M1012832 Seb Rupik 2017-12-06T09:05:23Z https://community.cisco.com/t5/network-security/syslog-server/m-p/3228767#M1012833 <P>Thank you very much.</P> <P>&nbsp;</P> Thu, 07 Dec 2017 16:44:17 GMT https://community.cisco.com/t5/network-security/syslog-server/m-p/3228767#M1012833 Lake 2017-12-07T16:44:17Z https://community.cisco.com/t5/network-security/syslog-server/m-p/3231799#M1012834 <P>Please confirm my conclusion: although a USB drive can be mounted on the&nbsp;ASA 5506W-X firewall as "disk1:", there is no way to redirect syslog to this device?</P> <P>&nbsp;</P> <P>If that's true, it's a real bummer since we are using the firewall in the field (outside a data center) and it means we will have to drag another box along with us. Sending syslog to a remote server isn't an option since Internet connectivity isn't continuous.</P> Wed, 13 Dec 2017 18:24:54 GMT https://community.cisco.com/t5/network-security/syslog-server/m-p/3231799#M1012834 Patrick.Bryant 2017-12-13T18:24:54Z https://community.cisco.com/t5/network-security/syslog-server/m-p/3231864#M1012835 <P>There is another option for your situation, use the <STRONG>logging flash-bufferwrap</STRONG> command. This will save the existing buffer before it begins to be overwritten with new logs, to the internal flash.</P> <P>You could then use a script to periodically scrap these .TXT files off the ASA and delete them when completed.</P> <P>Your next challenge would to then inject these logs into your syslog server...?</P> <P>&nbsp;</P> <P>cheers,</P> <P>Seb.</P> Wed, 13 Dec 2017 20:16:12 GMT https://community.cisco.com/t5/network-security/syslog-server/m-p/3231864#M1012835 Seb Rupik 2017-12-13T20:16:12Z https://community.cisco.com/t5/network-security/syslog-server/m-p/3300112#M1012836 <P>Thanks Seb</P> <P>&nbsp;</P> Thu, 21 Dec 2017 14:34:15 GMT https://community.cisco.com/t5/network-security/syslog-server/m-p/3300112#M1012836 Lake 2017-12-21T14:34:15Z