Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1138
Views
0
Helpful
4
Replies

ASA Syslog seperate inbound and outbound

rabihtj77
Level 1
Level 1

‎04-01-2015 12:09 PM - edited ‎03-11-2019 10:43 PM

Dears,

i am using firewall analyzer (https://www.manageengine.com/products/firewall/) to centrally collect, archive, analyze the security device logs and generate forensic reports out of it with detailed bandwith consumption. and the reporting was all wrong so we contacted their support and they said we need to check the consolidated Inbound and Outbound traffic. How to get it as separate In and Out in order to get an accurate reporting to send it to the syslog server

my firewal is ASA 5510

ASA version : 8.2(1)

Labels:
0 Helpful
4 Replies 4

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎04-02-2015 04:09 AM

Hi,

Output of show traffic would help you out.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/S/cmdref3/s13.html#pgfId-1332624

Also , check the interface graphs on the ASDM.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa80/asdm60/user/guide/usrguide/mon_ifc.html#wp1038508

Thanks and Regards,

Vibhor Amrodia

0 Helpful

rabihtj77
Level 1
Level 1
In response to Vibhor Amrodia

‎04-02-2015 04:41 AM

Dear Vibhor,

 

Thank you for your reply, but i need to send the info to a syslog server informational msgs so on asa i setup the syslog ip and chose the informational msgs that i need to send to the syslog server, but the i need to seperate the IN from the OUT in order to let my syslog server read the reports accuratly

 

the syslog ids i am sending are : 302013, 302014,302015,302016 the syslog id 302016 has 

  •  number -A unique identifier
  • interface, real_address, real_port -The actual sockets
  • time -The lifetime of the connection
  • bytes -The data transfer of the connection
  • id -A unique identifier
  • interface, real-address, real-port -The actual sockets
  • duration - The lifetime of the connection
  • bytes -The data transfer of the connection
  • user -The AAA name of the user
  • idfw_user -The name of the identity firewall user      

so i need to seperate the IN and OUT before sending or how to seperate in any means to get accurate reading

0 Helpful

Vibhor Amrodia
Cisco Employee
Cisco Employee
In response to rabihtj77

‎04-02-2015 07:07 AM

Hi,

Using the Syslog , this information cannot be sent.

You can use other features as alternative , Netflow , SNMP etc.

Thanks and Regards,

Vibhor Amrodia

0 Helpful

rabihtj77
Level 1
Level 1
In response to Vibhor Amrodia

‎04-02-2015 11:38 AM

Thanks again for your reply so you mean for ASA 5510 only the outbound and inbound can not be seperated ? coz some other firewalls the syslog sends such info to the syslog server and seperates them in and out so u can read them accurately  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card