Can an ASA use its loopback interface to send traffic to syslog?

Rayman99
Level 1

I have an ASA at a remote location that connects back to the DC through VPN. I use a loopback interface on the ASA for remote management and I've also configured that loopback to talk to our syslog server in the DC. However, the syslog is only getting user events from the ASA, such as changes that I make on the firewall and my SSH logins. Is there a way to send allowed and denied traffic going through the firewall to the syslog if I'm using a loopback interface? For reference, this is the command I'm using to talk to syslog: "logging host <loopback> <syslog IP> <syslog port>"

6 Replies

@Rayman99 hi, check if the link below helps with your requirement

https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116171-qanda-asa-00.html

 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

If you add log at the end of the ACL, then each permit/deny will generate a log and can be sent to syslog

Send ACL logs to syslog in ASA | Security

MHM

I tried that and it is not working.

Can I see the config of logging and ACL?

MHM

ksAlec
Level 1

logging source-interface ?

Cristian Matei
VIP Alumni

Hi,

What is your ASA version? It looks like syslog with Loopback support was added in the 9.18(2) build: https://www.cisco.com/c/en/us/td/docs/security/asa/asa920/configuration/general/asa-920-general-config/interface-loopback.pdf

Also, technically speaking, you would need to set Loopback as "management-access"; however, I'm not sure if it's functional or required for Loopback: https://www.cisco.com/c/en/us/support/docs/security/adaptive-security-appliance-asa-software/116171-qanda-asa-00.html

Best,

Cristian.
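
One way to check, on the syslog server side, whether the symptom in this thread applies (only user events arriving, no permit/deny traffic events). This is an added example, not part of any reply above; the message-ID grouping is a small subset chosen here, and the sample lines, ACL name and interface names are constructed.

```python
import re
from collections import Counter

# Every ASA syslog message carries a header of the form %ASA-<severity>-<id>:
ASA_HEADER = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}):")

# Subset of message IDs chosen for this example.
TRAFFIC_IDS = {
    "106100",  # ACL entry with the log keyword matched (permit or deny)
    "106023",  # packet denied by an access-group
    "302013",  # TCP connection built
    "302014",  # TCP connection torn down
}
ADMIN_IDS = {
    "111008",  # user executed a command
    "605005",  # login permitted (e.g. SSH)
}

def classify(line):
    """Return (category, severity, message_id), or None if not an ASA message."""
    m = ASA_HEADER.search(line)
    if not m:
        return None
    msg_id = m.group("id")
    category = ("traffic" if msg_id in TRAFFIC_IDS
                else "admin" if msg_id in ADMIN_IDS else "other")
    return category, int(m.group("sev")), msg_id

def summarize(lines):
    """Count messages per category; a higher severity number is less urgent."""
    counts, highest_sev = Counter(), -1
    for line in lines:
        hit = classify(line)
        if hit:
            counts[hit[0]] += 1
            highest_sev = max(highest_sev, hit[1])
    return {"counts": dict(counts), "highest_severity_number": highest_sev,
            "traffic_seen": counts["traffic"] > 0}

# Constructed sample lines (addresses are documentation ranges).
ADMIN_ONLY = [
    '%ASA-6-605005: Login permitted from 192.0.2.10/50122 to mgmt-lo:192.0.2.1/ssh for user "admin"',
    "%ASA-5-111008: User 'admin' executed the 'write memory' command.",
]
WITH_TRAFFIC = ADMIN_ONLY + [
    "%ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.7(51234) -> inside/203.0.113.5(443) hit-cnt 1 first hit [0x0, 0x0]",
    '%ASA-4-106023: Deny tcp src outside:198.51.100.7/51300 dst inside:203.0.113.5/23 by access-group "outside_in" [0x0, 0x0]',
]
```

Feed `summarize()` the lines the server received from the ASA's loopback address; `traffic_seen` being false while the `admin` count is non-zero matches what the original post describes.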
