topic ASA Syslog Names in Network Security

ASA Syslog Names

Andrew Kirkby — Tue, 12 Mar 2019 02:33:11 GMT

Hello All,

Is anyone aware if it is possible to control the syslog name resolution independently of the names/no names configuration command of the ASA?

I have a large number of devices deployed across a network, all log to a central SYSLOG service. Generally names is enabled on the firewalls and SYSLOG output consequently includes the names. However, occasionally during troubleshooting names are turned off on the firewall 'no names', unforetunately this then means that all syslog output then only has the IP addresses included. When searching through syslog output at a later date it then means that logs could appear in one of two formats i.e. with names or without.

Is there a way to consistently output either names or IP's in syslog messages independently of the 'names/no names' config? Something like 'logging names' or 'logging no names' would be nice?

Many thanks,

Andy

ASA Syslog Names

Karsten Iwen — Mon, 02 Sep 2013 12:18:42 GMT

Because of this inconsistency I try to never use the names if possible. With that I know hat the syslog always includes the IP regardless for which system I'm searching. If you are using a linux/unix syslog server the following scenario should be quite easy to implement:

1) Build a name-table on the syslog-server with an IP to name-mapping

2) build a script that changes the IP to the name based on the name-table.

With that you could take the best of both approaches.

--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

ASA Syslog Names

theboywhocriedwolf — Tue, 10 Sep 2013 02:51:47 GMT

hi sir,

i sould like to ask how to create a separate server in which ASA will dump logs on it?

i already created a separate syslog server for my ASA, but ASA will not dump logs on it.

thanks