topic Set up a SYSLOG Server - ASA in Network Security

Set up a SYSLOG Server - ASA

aryarahul — Tue, 12 Mar 2019 01:07:29 GMT

Hi,

I want to set up a syslog server for capturing ASA logs , i have enabled logging through ASDM on an interface directing towards ip 192.168.x.x

But what do i need to set up on 192.168.x.x to capture the logs ?? where can i see those logs on the syslog server ???

Set up a SYSLOG Server - ASA

Jouni Forss — Thu, 28 Feb 2013 10:07:53 GMT

Hi,

You naturally need a software on the actual server that would handle the logs.

I imagine there are several softwares that can handle handle this.

Sadly I dont personally set up our servers, I just use them. I think we have Linux servers setup as Syslog servers and I use the CLI through SSH connection to parse/filter through the logs I need.

- Jouni

Set up a SYSLOG Server - ASA

James Leinweber — Thu, 28 Feb 2013 15:41:16 GMT

The syslog server details vary, of course, depending one what server you are running. For rsyslog on Redhat enterprise 6 I use a configuration similar to:

On the ASA:

logging enable

logging timestamp

logging buffer-size 40960

logging trap informational

logging facility 22

logging host AN-INTERFACE SYSLOG-IP

On the Linux box, in /etc/rsyslog.conf

$ModLoad imudp

$UDPServerRun 514

...

local6.* /var/log/asa/asa.log

Next you need some log rotation, log analysis, etc. And you have to do:

mkdir /var/log/asa

to create the destination.

The point of specifying the facility (22 aka local6) is to allow the firewall logs to be easily segregated from other logs.

-- Jim Leinweber, WI State Lab of Hygiene

Set up a SYSLOG Server - ASA

aryarahul — Sat, 02 Mar 2013 05:40:00 GMT

Thanks for the replies

apart from linux how can i capture logs in a Windows Server , what softwares should i be running ??

Set up a SYSLOG Server - ASA

aryarahul — Wed, 10 Apr 2013 06:59:38 GMT

how can it be configured on a windows Machine anyone ???

Set up a SYSLOG Server - ASA

patoberli — Wed, 10 Apr 2013 09:46:05 GMT

There you go: http://www.lmgtfy.com/?q=syslog+server+windows

You can use one that costs or one that is free.

Set up a SYSLOG Server - ASA

hobbe — Wed, 10 Apr 2013 13:45:41 GMT

Hi Rahul Arya

Well you install a syslog server software

There are many different syslog server software out on the net.

Some are free to install and use and some you have to pay for.

One that I like is the Kiwi syslog server. (now from solarwinds)

There are two versions available of that server, the paid with some extra bells and whistles and the free bare one.

One nice part is that it has the possibility to do windows -> syslog logging with a little log forwarder.

Then you are going to need software to analyse the information in the syslog file.

I would start with grep (also software to be installed in windows. but there is a "similar" command in windows. the "Find" command.

Then you can go to more advanced software like splunk and so on.

Good luck

HTH

Set up a SYSLOG Server - ASA

aryarahul — Wed, 29 May 2013 05:14:43 GMT

Thanks Hobbe

Kiwi did the job...