Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1312
Views
0
Helpful
1
Replies

Cisco ASA firewalls - Logging changes made through ASDM

PottaPitot
Level 1
Level 1

‎05-28-2019 06:53 AM

Hi,

We wish to log the firewall rule administration done through the Cisco asdm on the Cisco asa firewalls to our SIEM solution.

Do we need to set the ASDM logging to informational or does setting the logging asdm have any effect on the logs sent to the SIEM for the firewall rules applied through the ASDM?

We have set the logging trap to informational and logging asdm to alerts but we are not seeing all activities or sometimes nothing on the SIEM when the firewall rules are applied through the ASDM.

 

Thanks in advance,

Potta Pitot

Labels:
0 Helpful
1 Reply 1

Seb Rupik
VIP Alumni
VIP Alumni

‎05-28-2019 07:16 AM - edited ‎05-28-2019 07:16 AM

Hi there,

Changing the log level for ASDM will not have any effect on the SIEM device as it is a different target.

You need to change the trap level:

!
logging trap <severity_level>
!

https://www.cisco.com/c/en/us/td/docs/security/asa/asa94/config-guides/cli/general/asa-94-general-config/monitor-syslog.html#ID-2121-00000169

 

cheers,

Seb.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card