cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
414
Views
0
Helpful
2
Replies

New connection event on ASA to Syslog

sudip.acharya1
Level 1
Level 1

Hi,

I want to send new connection (TCP, UDP, or ICMP) events that are on the ASA to my central syslog. FOr instance, if a an IP address creates a TCP connection to a web server, I would like that event to be sent to the syslog.

One way I accomplish this is by enabling debug and sending ALL the events to the syslog but with this method, its going to undue stress on the ASA and fill up the syslog server with unnecessary events.

Is there more efficient way to do this?

2 Accepted Solutions

Accepted Solutions

Philip D'Ath
VIP Alumni
VIP Alumni

I don't think it will hurt the ASA that much, especially if you are using normal UDP logging.  I think you only need "informational" as well, rather than "debug".

The other way is to create a logging list, and specify the events to log - but you'll probably find 99% of the messages logged with be flow messages anyway so you probably wont save much.

View solution in original post

Aditya Ganjoo
Cisco Employee
Cisco Employee

Hi Sudip,

You can try using a customized logging list for syslogs.

Please check the following document:

How to enable Logging List on ASA:

https://supportforums.cisco.com/document/73511/how-enable-syslogs-asa

Regards,

Aditya

Please rate helpful posts.

View solution in original post

2 Replies 2

Philip D'Ath
VIP Alumni
VIP Alumni

I don't think it will hurt the ASA that much, especially if you are using normal UDP logging.  I think you only need "informational" as well, rather than "debug".

The other way is to create a logging list, and specify the events to log - but you'll probably find 99% of the messages logged with be flow messages anyway so you probably wont save much.

Aditya Ganjoo
Cisco Employee
Cisco Employee

Hi Sudip,

You can try using a customized logging list for syslogs.

Please check the following document:

How to enable Logging List on ASA:

https://supportforums.cisco.com/document/73511/how-enable-syslogs-asa

Regards,

Aditya

Please rate helpful posts.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: