<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Syslog best practices in Network Security</title>
    <link>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220151#M347986</link>
    <description>&lt;P&gt;We need to have our syslog server facing the internet to aid in troubleshooting clients.&amp;nbsp; And it's random when I'd need it and I'd rather not be going back to the firewall and opening the port while I need it, shut it down later, open it again, and so on.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Those with public-facing syslog servers, what do you do?&amp;nbsp; Just open up udp514 and hope for the best?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks for some input.&lt;/P&gt;</description>
    <pubDate>Tue, 12 Mar 2019 01:58:23 GMT</pubDate>
    <dc:creator>WStoffel1</dc:creator>
    <dc:date>2019-03-12T01:58:23Z</dc:date>
    <item>
      <title>Syslog best practices</title>
      <link>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220151#M347986</link>
      <description>&lt;P&gt;We need to have our syslog server facing the internet to aid in troubleshooting clients.&amp;nbsp; And it's random when I'd need it and I'd rather not be going back to the firewall and opening the port while I need it, shut it down later, open it again, and so on.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Those with public-facing syslog servers, what do you do?&amp;nbsp; Just open up udp514 and hope for the best?&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Thanks for some input.&lt;/P&gt;</description>
      <pubDate>Tue, 12 Mar 2019 01:58:23 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220151#M347986</guid>
      <dc:creator>WStoffel1</dc:creator>
      <dc:date>2019-03-12T01:58:23Z</dc:date>
    </item>
    <item>
      <title>Syslog best practices</title>
      <link>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220152#M347987</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Well, if we are talking about an ASA firewall then I guess you can always create an ACL rule for all the customers that you might need to open up the Syslog traffic for. When you don't need to have those ports open on the ASA then you can turn them "inactive" either through the ASDM or CLI and leave the actual rules in the configuration.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Naturally if you are sending Syslog through the Internet you might want to consider perhaps even building an L2L VPN connection between your site and the customer site and tunneling their Syslog traffic through that L2L VPN connection. I have for example a couple of times configured L2L VPN between an ASA and one of our VPN gateways so that the remote customer ASA can send its own Syslogs through the L2L VPN connection.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Then I guess you might want to consider configuring the Syslog to use TCP instead of UDP on the ASA. In this case I would recommend using the "logging permit-hostdown" command since if you don't have it configured on an ASA and enable TCP Syslogging which for some reason isn't able to contact the Syslog server then ALL traffic through the ASA will be blocked. And you probably won't want that.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;I am not sure if there is any convenient way to manage the rules other than maybe handle setting them "active" or "inactive" through the ASDM. 
I would imagine in this case the managing of those rules would be faster and more convenient through ASDM even though I personally do all ACL configurations through the CLI.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Hope this helps&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;- Jouni&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Sat, 15 Jun 2013 11:31:33 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220152#M347987</guid>
      <dc:creator>Jouni Forss</dc:creator>
      <dc:date>2013-06-15T11:31:33Z</dc:date>
    </item>
    <item>
      <title>Syslog best practices</title>
      <link>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220153#M347988</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;As always, thanks for the insightful help!&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 17 Jun 2013 17:24:19 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220153#M347988</guid>
      <dc:creator>WStoffel1</dc:creator>
      <dc:date>2013-06-17T17:24:19Z</dc:date>
    </item>
    <item>
      <title>Syslog best practices</title>
      <link>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220154#M347989</link>
      <description>&lt;HTML&gt;&lt;HEAD&gt;&lt;/HEAD&gt;&lt;BODY&gt;&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Glad if it was of some help&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;Please do take the time to either mark the reply as the correct answer IF it answered your question. Or rate helpful answers.&lt;/P&gt;&lt;P&gt;&lt;/P&gt;&lt;P&gt;- Jouni&lt;/P&gt;&lt;/BODY&gt;&lt;/HTML&gt;</description>
      <pubDate>Mon, 17 Jun 2013 17:27:54 GMT</pubDate>
      <guid>https://community.cisco.com/t5/network-security/syslog-best-practices/m-p/2220154#M347989</guid>
      <dc:creator>Jouni Forss</dc:creator>
      <dc:date>2013-06-17T17:27:54Z</dc:date>
    </item>
  </channel>
</rss>

