https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361727#M923800 <P>I know in the ASA5520 we use, i can created multiple syslog servers to send syslogs to. However, I am</P><P> wondering, is there a way to segment the data?&nbsp; IE - We have a "generic" syslog server that gets all the syslog data (ncluding Informational), but I would like to create a second syslog entry on the ASA (pointing to a different IP address) and have it ONLY send specific message types.</P><P></P><P>Basically, I am wanting to have the messages related to the Botnet filtering send to a differnt syslog server. </P><P></P><P>Is this possible?</P> Fri, 21 Feb 2020 11:53:11 GMT don.click1 2020-02-21T11:53:11Z https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361727#M923800 <P>I know in the ASA5520 we use, i can created multiple syslog servers to send syslogs to. However, I am</P><P> wondering, is there a way to segment the data?&nbsp; IE - We have a "generic" syslog server that gets all the syslog data (ncluding Informational), but I would like to create a second syslog entry on the ASA (pointing to a different IP address) and have it ONLY send specific message types.</P><P></P><P>Basically, I am wanting to have the messages related to the Botnet filtering send to a differnt syslog server. </P><P></P><P>Is this possible?</P> Fri, 21 Feb 2020 11:53:11 GMT https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361727#M923800 don.click1 2020-02-21T11:53:11Z https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361728#M923801 <HTML><HEAD></HEAD><BODY><P>Unfortunately, that cannot be configured.</P><P>The syslogs sent will be the same to all syslog servers.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html">http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html</A></P><P></P><P>PK</P></BODY></HTML> Tue, 23 Feb 2010 22:23:41 GMT https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361728#M923801 Panos Kampanakis 2010-02-23T22:23:41Z https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361729#M923802 <HTML><HEAD></HEAD><BODY><P>Here is a thought may be this might work for you.</P><P></P><P>Refer this link for botnet:</P><P><A href="https://community.cisco.com/docs/DOC-8782">https://supportforums.cisco.com/docs/DOC-8782</A></P><P>botnet syslogs</P><P>338001 - 338004</P><P>338101 - 338104</P><P>338201 - 338204</P><P>338301 - 338310</P><P></P><P><SPAN>Refer this link for logging commands:</SPAN><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1772272">http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1772272</A></P><P><SPAN class="cExBold">1. configure a logging list and send it to buffer and wrap that to ftp server</SPAN></P><P><SPAN class="cExBold"><BR /></SPAN><SPAN class="content"></SPAN></P><DIV class="pEx1_Example1"><PRE>hostname(config)#<SPAN class="cExBold"> logging list my-list </SPAN>338001 - 338004<BR /><SPAN class="content"><PRE>hostname(config)#<SPAN class="cExBold"> logging list my-list </SPAN>338101 - 338104</PRE> </SPAN>hostname(config)#<SPAN class="cExBold"> logging list my-list </SPAN>338201 - 338204<BR />hostname(config)# <SPAN class="cExBold">logging list my-list </SPAN>338301 - 33831<SPAN class="content"><BR /> <PRE><SPAN class="content"><PRE><SPAN class="content"><PRE>hostname(config)#<SPAN style="font-style: normal; font-weight: bold; color: black;"> </SPAN><SPAN class="cExBold">logging buffered my-list<BR /></SPAN><SPAN class="content"><DIV class="pEx1_Example1">hostname(config)# <STRONG class="cBold">logging ftp-server 10.10.10.1 /syslogs userid password</STRONG></DIV><DIV class="pEx1_Example1">hostname(config)# <SPAN class="cExBold">logging ftp-bufferwrap<BR /><BR />2 Then you can send other syslogs to another syslog server<BR /><BR /></SPAN><SPAN class="content"><PRE><SPAN class="content"><PRE><SPAN class="content"><PRE><SPAN class="content"><PRE><SPAN class="content">hostname(config)# logging trap 3<BR /></SPAN><SPAN class="content"><PRE><SPAN class="content"><PRE><SPAN class="content"><PRE><SPAN class="content"><PRE><SPAN class="content">hostname(config)# logging host inside 10.10.10.2<BR /><BR />-KS</SPAN></PRE> <BR /></SPAN></PRE> <BR /></SPAN></PRE> <BR /></SPAN></PRE> <BR /></SPAN></PRE> <BR /></SPAN></PRE> <BR /></SPAN></PRE> <BR /></SPAN></PRE> <BR /></SPAN><BR /><BR /></DIV> <BR /></SPAN><BR /></PRE> <BR /></SPAN></PRE> <BR /></SPAN></PRE> <BR /></SPAN></PRE></DIV><BR /><DIV class="pEx1_Example1"> </DIV><BR /><DIV class="pEx1_Example1"> </DIV><BR /><DIV class="pEx1_Example1"><PRE><SPAN class="cExBold"><BR /></SPAN></PRE></DIV><P></P></BODY></HTML> Sun, 14 Mar 2010 22:46:43 GMT https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361729#M923802 Kureli Sankar 2010-03-14T22:46:43Z https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361730#M923803 <HTML><HEAD></HEAD><BODY><P>I was wondering also if there is a way to send only specific log messages (defined by the logging list) to one server while still sending the rest to another syslog server? <SPAN __jive_emoticon_name="confused" __jive_macro_name="emoticon" class="jive_macro jive_emote" src="https://community.cisco.com/4.5.4/images/tiny_mce3/plugins/jiveemoticons/images/spacer.gif"></SPAN></P></BODY></HTML> Thu, 21 Nov 2013 17:54:40 GMT https://community.cisco.com/t5/network-security/multiple-syslog-servers/m-p/1361730#M923803 dartgenov 2013-11-21T17:54:40Z