We just installed Botnet on our ASA firewalls. Is there a way to have the botnet logs forwarded to email? I've looked through all the settings and can't seem to find anything. Thanks for the help.
They can go to syslog, and you can then have a daemon parse syslog and send it to you via email if you like. That's usually a scripted method we've used to achieve this.
Create a logging event list (ASDM : Configuration/Logging/Event Lists) Use Message IDs 338201-338202 and 338001-338004)
Then in Logging Filters, enable email and select the event list.
I should add, I don't see how to set the SMTP credentials for email. Anyone?I added the ASA's IP into the SMTP server's trusted list and it works.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: