Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3172
Views
0
Helpful
2
Replies

Connecting Cisco ASA to Azure Sentinel

g.karthick
Level 1
Level 1

‎02-16-2022 08:56 PM

Hello,

 

We are trying to send Cisco ASA logs to Azure Sentinel. In Cisco ASA firewall logging level is set to 7 Debugging and Azure Sentinel couldn't process/read the logs hence Sentinel team is asking to change the logging level to 4 or 6... I would like to understand if I change the logging level to 4  will i lose potential information.

 

As best practice which logging level should be maintained in Cisco ASA. ?

2 people had this problem
0 Helpful
2 Replies 2

Sheraz.Salim
VIP
VIP

‎02-17-2022 12:23 AM - edited ‎02-17-2022 12:40 AM

Sentinel is right you cant have 7 debugging. your best option is 4 or 6. In normal SIEM solution you enable the 4 or 6 logging to sent over to SIEMs.

 

 

As best practice which logging level should be maintained in Cisco ASA. ?

what you can do is enable the buffered-size debug 7 this will create a buffer here  in flash order to keep your log when you want to view them this will not impact your ASA performance.

here this will help you what you can do to keep the Advance logs.

 

please do not forget to rate.
0 Helpful

g.karthick
Level 1
Level 1
In response to Sheraz.Salim

‎02-20-2022 04:17 AM

Thanks the reply !!

We changed the logging to level 6 still no logs showed up in sentinel we are troubleshooting it. We depend on logging 7 for VPN related troubleshooting so it something to think about So all the SIEM solution has this challenge when the logging is set to 7 ?
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card