https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327335#M791217 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-family: comic sans ms,sans-serif;">Thanks,</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">I did try with the same config. But, the server is connected off subsidary interface and i have given "inside" interface in the login command.</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Could that cause any issues or do i need any specific rules to get this working.</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Appreciate your help.</SPAN></P></BODY></HTML> Mon, 07 Dec 2009 10:17:13 GMT suthomas1 2009-12-07T10:17:13Z https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327333#M791215 <P><SPAN style="font-family: comic sans ms,sans-serif;">I have an ASA which has been configured with forwarding all logs to an external attached Syslog server. default udp is being used to have this work. Requirement is to have the firewall log all traffic to this syslog server. But somehow it doesnt seem to work.</SPAN></P><P>Syslog server doesnt seem to receive any logs. I am in a dilemma as to how this should be checked on the firewall.</P><P><SPAN style="font-family: comic sans ms,sans-serif;">When we say ASA should log all traffic to this server, which interface will it use to forward traffic to syslog and whether i should have specific rules on this interface to do so. Is there a way we can see whether the traffic is passing from firewall to syslog or not?</SPAN></P><P></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Following are the interfaces on the ASA with security level:</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Inside - Level 100</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">dmz servers - 20</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">subsidary - 50</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Outside - 0 </SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">This syslog server is connected on the subsidary interface.</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Current configuration is:&nbsp; logging host inside 192.168.100.11</SPAN></P><P></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Please suggest.</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Thank You.</SPAN></P> Mon, 11 Mar 2019 16:45:57 GMT https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327333#M791215 suthomas1 2019-03-11T16:45:57Z https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327334#M791216 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>We have to specify that using which interface that traffic has to pass. other wise it won't send the log information to syslog server.</P><P></P><P>below mentioned is the sample configuration, try with this one and let me know if you have any issue. </P><P></P><P>logging enable<BR />logging timestamp<BR />logging standby<BR />logging buffer-size 125000<BR />logging console alerts<BR />logging buffered notifications<BR />logging trap notifications<BR />logging asdm notifications<BR />logging facility 22<BR />logging device-id hostname<BR />logging host inside X.X.X.X (inside is the nothing but interface name of the inside interface)</P></BODY></HTML> Mon, 07 Dec 2009 03:55:02 GMT https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327334#M791216 chaitu_kranthi 2009-12-07T03:55:02Z https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327335#M791217 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-family: comic sans ms,sans-serif;">Thanks,</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">I did try with the same config. But, the server is connected off subsidary interface and i have given "inside" interface in the login command.</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Could that cause any issues or do i need any specific rules to get this working.</SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;"><BR /></SPAN></P><P><SPAN style="font-family: comic sans ms,sans-serif;">Appreciate your help.</SPAN></P></BODY></HTML> Mon, 07 Dec 2009 10:17:13 GMT https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327335#M791217 suthomas1 2009-12-07T10:17:13Z https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327336#M791218 <HTML><HEAD></HEAD><BODY><P>G'day,</P><P></P><P>I would recommend using the <SPAN style="font-family: comic sans ms,sans-serif;">subsidary</SPAN> interface in your command as that is where your syslog server resides.</P><P></P><P>So, try</P><P></P><P>no logging host inside 192.168.100.11</P><P>logging host <SPAN style="font-family: comic sans ms,sans-serif;">subsidary 192.168.100.11</SPAN></P><P></P><P>Cheers,</P><P></P><P>Conor</P></BODY></HTML> Mon, 07 Dec 2009 13:17:28 GMT https://community.cisco.com/t5/network-security/syslog-from-asa/m-p/1327336#M791218 Conor Cunningham 2009-12-07T13:17:28Z