https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450766#M614901 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>just to take you updated and to suggest a solution to other users that need to solve the same problem, I want to tell you that I've solved it as you told me, and it's working. In detail, I've created a logging list with all the auth events I need, and I've configured the ASA to send a SNMP trap to a target device (Qradar Appliance in my case) that stores all the events. This solution is not very simple to manage, and I hope that Cisco can upgrade ASA's syslog functions and features in the next releases, but can help you in having different logs sent to different destinations, as requested to the Italian's laws to audit login and logout of administrators. Thanks for your help.</P></BODY></HTML> Sun, 20 Mar 2011 22:09:24 GMT acimalacqua 2011-03-20T22:09:24Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450760#M614895 <P>Hi to all.</P><P>In my Cisco ASA 5550, I need to set two different syslogs servers, and I need to send the system logs to the first one (only admins login/logout), and the traffic logs and all the rest (informational level) to the second one. Do you know if is it possible or not and, if yes, how to configure it? All suggestions will be really appreciated. Thanks.</P> Mon, 11 Mar 2019 18:23:16 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450760#M614895 acimalacqua 2019-03-11T18:23:16Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450761#M614896 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As per my reserch it is not possible to have two syslog server configured and working at same time.</P><P></P><P>They can be configured as primary and secondary.</P><P></P><P>Regards,</P><P>Nitin agarwal.</P></BODY></HTML> Tue, 10 Aug 2010 14:58:54 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450761#M614896 Nitin Agarwal 2010-08-10T14:58:54Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450762#M614897 <HTML><HEAD></HEAD><BODY><P>Hi Alessandro,</P><P></P><P>You can configure multiple syslog servers using multiple 'logging host' commands, such as:</P><P></P><P>logging trap warnings</P><P>logging host inside 10.1.1.1</P><P>logging host inside 10.1.1.2</P><P></P><P>This will send syslogs to both servers. However,&nbsp; it does not meet your second requirement of sending different logs to each host. For that, you would have to use a different logging facility, such as 'logging mail' or 'logging asdm'.</P><P></P><P>Hope that helps.</P><P></P><P>-Mike</P></BODY></HTML> Tue, 10 Aug 2010 15:15:12 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450762#M614897 mirober2 2010-08-10T15:15:12Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450763#M614898 <HTML><HEAD></HEAD><BODY><P>Alessandro,</P><P>You can send the same warning level to both syslogs servers.</P><P></P><P>You cannot send debug to one syslog server and critical to the other syslog server.</P><P></P><P>That would be nice if we can do that.&nbsp; May be an ENH request is filed somewhere.</P><P></P><P>-KS</P></BODY></HTML> Tue, 10 Aug 2010 17:37:29 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450763#M614898 Kureli Sankar 2010-08-10T17:37:29Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450764#M614899 <HTML><HEAD></HEAD><BODY><P>Thanks to all, guys.</P><P>I supposed it. I succeded to set two syslogs servers, but I had the "problem" to have the same logging level in both of them (just a "replica" of logs). I hope that Cisco can make this upgrade in the future, because it will be very usefull in my company to have different recipients for the logs. My area needs to have traffic logs for troubleshooting and a security area needs to have only the admin's login and logout to track them for Italian's laws. I'll keep in touch about this upgrade... Thanks again. Have a nice holidays.</P></BODY></HTML> Tue, 10 Aug 2010 20:19:49 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450764#M614899 acimalacqua 2010-08-10T20:19:49Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450765#M614900 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>While there is a limitation in the syslog server configurations, you could</P><P>use other logging methods to collect specific information. While it is not</P><P>very efficient method, if you are just concerned about login/logout messages</P><P>for security audit purposes, you could use email logging. You can create a</P><P>logging list and then send those messages to your email.</P><P></P><P>Example:</P><P></P><P>logging list mail message 111008</P><P>logging list mail message 111004</P><P></P><P>logging from-address </P><P></P><P>You can do similar things by sending specific log events to SNMP server as</P><P>well.</P><P></P><P>Hope this helps.</P><P></P><P>Regards,</P><P></P><P>NT</P></BODY></HTML> Wed, 11 Aug 2010 05:44:43 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450765#M614900 Nagaraja Thanthry 2010-08-11T05:44:43Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450766#M614901 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>just to take you updated and to suggest a solution to other users that need to solve the same problem, I want to tell you that I've solved it as you told me, and it's working. In detail, I've created a logging list with all the auth events I need, and I've configured the ASA to send a SNMP trap to a target device (Qradar Appliance in my case) that stores all the events. This solution is not very simple to manage, and I hope that Cisco can upgrade ASA's syslog functions and features in the next releases, but can help you in having different logs sent to different destinations, as requested to the Italian's laws to audit login and logout of administrators. Thanks for your help.</P></BODY></HTML> Sun, 20 Mar 2011 22:09:24 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450766#M614901 acimalacqua 2011-03-20T22:09:24Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450767#M614902 <HTML><HEAD></HEAD><BODY><P>Hi Alessandro </P><P></P><P>can you please send me the solution ? i have the same proble and need to configure it. i will be happy to get the syslog config you don on the ASA </P><P>Thanks </P><P></P><P></P><P></P><P>Alain</P></BODY></HTML> Mon, 17 Feb 2014 10:11:44 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450767#M614902 Alain-Florent Essome 2014-02-17T10:11:44Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450768#M614903 <HTML><HEAD></HEAD><BODY><P>Pls. refer <A href="https://tools.cisco.com/bugsearch/bug/%3Ca%20href='https://www.cisco.com/cisco/psn/bssprt/bss?searchType=bstbugidsearch&amp;page=bstBugDetail&amp;BugID=CSCea93753'%20target='_blank'%3ECSCea93753%3C/a%3E/?reffering_site=dumpcr">CSCea93753</A>. It is still not resolved. You are welcome to add your comments to the enhancement request.</P><P></P><P>-Kureli</P></BODY></HTML> Mon, 17 Feb 2014 14:44:56 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450768#M614903 Kureli Sankar 2014-02-17T14:44:56Z https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450769#M614904 <P>Hello,</P> <P>I am currently facing the same issue and need a solution. Did you ever find one?</P> <P>Regards,</P> <P>Abdhija</P> Thu, 30 Mar 2017 08:52:43 GMT https://community.cisco.com/t5/network-security/asa-5550-two-different-syslogs-servers/m-p/1450769#M614904 abdhija.s 2017-03-30T08:52:43Z