01-02-2015 07:55 AM - edited 03-11-2019 10:17 PM
Hey all, are the hard drive bays on the front of ASA 5580s usable? I'm not finding any documentation regarding those bays and like the idea of using it for local log storage rather than storing logs on the 1gig of flash. We've been hitting limits on the number of logs our syslog server can process from these firewalls and I was thinking of sending all the logs to local disk (if possible) them moving them off to another server every 8-12 hours.
Solved! Go to Solution.
01-02-2015 09:41 AM
When Cisco originally introduced the 5580, they mentioned that the hard drive bays were "for future expansion". However, they never followed up with offering any supported drives or use for the bays.
They are there only because the original hardware platform was based on a 3rd party (HP) server. I don't believe the ASA system software would recognize any drives you installed in them.
As far as logs, best practice is to limit logging to level 4 or so - unless you are troubleshooting or have a legal or regulatory requirement to send off the more verbose level 5 and 6 log messages.
01-02-2015 09:52 AM
I do not believe that this is possible. When logging to flash you only have the option to log to the internal flash, disk0 by default. All other disks which you insert into the ASA will be defined as external flash.
However you can tell the ASA that when the buffer is almost full and about to "wrap around" itself (ie. overwrite existing logs) to send the logs to a syslog server. Something like this:
The following commands tells the ASA to save logs to the buffer until it is full and then send it to an FTP server. The /Syslogs specifies the directory path on the FTP server followed by the username and password for the FTP server.
logging flash-bufferwrap
logging ftp-server 10.1.1.1 /Syslogs FTPadminUsername FTPadminPassword
--
Please remember to select a correct answer and rate helpful posts
01-02-2015 09:41 AM
When Cisco originally introduced the 5580, they mentioned that the hard drive bays were "for future expansion". However, they never followed up with offering any supported drives or use for the bays.
They are there only because the original hardware platform was based on a 3rd party (HP) server. I don't believe the ASA system software would recognize any drives you installed in them.
As far as logs, best practice is to limit logging to level 4 or so - unless you are troubleshooting or have a legal or regulatory requirement to send off the more verbose level 5 and 6 log messages.
01-02-2015 09:52 AM
I do not believe that this is possible. When logging to flash you only have the option to log to the internal flash, disk0 by default. All other disks which you insert into the ASA will be defined as external flash.
However you can tell the ASA that when the buffer is almost full and about to "wrap around" itself (ie. overwrite existing logs) to send the logs to a syslog server. Something like this:
The following commands tells the ASA to save logs to the buffer until it is full and then send it to an FTP server. The /Syslogs specifies the directory path on the FTP server followed by the username and password for the FTP server.
logging flash-bufferwrap
logging ftp-server 10.1.1.1 /Syslogs FTPadminUsername FTPadminPassword
--
Please remember to select a correct answer and rate helpful posts
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide