09-02-2013 04:49 AM - edited 03-11-2019 07:33 PM
Hello All,
Is anyone aware if it is possible to control the syslog name resolution independently of the names/no names configuration command of the ASA?
I have a large number of devices deployed across a network, all log to a central SYSLOG service. Generally names is enabled on the firewalls and SYSLOG output consequently includes the names. However, occasionally during troubleshooting names are turned off on the firewall 'no names', unfortunately this then means that all syslog output then only has the IP addresses included. When searching through syslog output at a later date it then means that logs could appear in one of two formats i.e. with names or without.
Is there a way to consistently output either names or IP's in syslog messages independently of the 'names/no names' config? Something like 'logging names' or 'logging no names' would be nice?
Many thanks,
Andy
09-02-2013 05:18 AM
Because of this inconsistency I try to never use the names if possible. With that I know that the syslog always includes the IP regardless for which system I'm searching. If you are using a linux/unix syslog server the following scenario should be quite easy to implement:
1) Build a name-table on the syslog-server with an IP to name-mapping
2) build a script that changes the IP to the name based on the name-table.
With that you could take the best of both approaches.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
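One way to implement the two steps from the reply above on the syslog server, as an added example that is not part of the original thread. It assumes the name table is kept in the ASA `name <ip> <name>` config syntax; the table, the sample log lines and the function names are constructed for illustration, and it goes one step further than the reply by also mapping names back to IPs so logs written in either mode can be normalized to one form.

```python
import ipaddress
import re

# Constructed name table, assumed to be copied from the firewall config.
NAME_TABLE = """\
name 10.1.1.10 web01
name 10.1.1.1 core-gw description default gateway
name 203.0.113.10 partner-api
"""
# Constructed ASA-style log line as written with 'no names' ...
SAMPLE_IP = ("%ASA-6-302013: Built outbound TCP connection 1234 for "
             "outside:203.0.113.10/443 (203.0.113.10/443) to "
             "inside:10.1.1.10/51514 (10.1.1.10/51514)")
# ... and the same line as written with 'names' enabled.
SAMPLE_NAMED = ("%ASA-6-302013: Built outbound TCP connection 1234 for "
                "outside:partner-api/443 (partner-api/443) to "
                "inside:web01/51514 (web01/51514)")

# Whole dotted quad only, so 10.1.1.1 is never matched inside 10.1.1.10.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")

def load_names(text):
    """Parse 'name <ip> <name> [description ...]' lines into {ip: name}."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "name":
            try:
                table[str(ipaddress.IPv4Address(parts[1]))] = parts[2]
            except ValueError:
                continue  # skip malformed entries instead of guessing
    return table

def to_names(line, table):
    """Replace each known IP with its name; unknown IPs are left alone."""
    return IPV4_RE.sub(lambda m: table.get(m.group(1), m.group(1)), line)

def to_ips(line, table):
    """Replace each known name with its IP (for logs written with 'names')."""
    by_name = {name: ip for ip, name in table.items()}
    if not by_name:
        return line
    # Longest first, and bounded, so 'web01' never rewrites part of 'web01-dmz'.
    alt = "|".join(re.escape(n) for n in sorted(by_name, key=len, reverse=True))
    name_re = re.compile(r"(?<![\w.-])(" + alt + r")(?![\w-]|\.\w)")
    return name_re.sub(lambda m: by_name[m.group(1)], line)

if __name__ == "__main__":
    print(to_names(SAMPLE_IP, load_names(NAME_TABLE)))
```

Running the stored logs through `to_ips` before indexing gives one searchable format regardless of the firewall's `names` state at the time; `to_names` can then be applied only at display time.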
09-09-2013 07:51 PM
Hi sir,
I would like to ask how to create a separate server on which the ASA will dump logs?
I already created a separate syslog server for my ASA, but the ASA will not dump logs on it.
thanks