Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
984
Views
0
Helpful
5
Replies

how to configure syslogs server with asa 5525 firewall

MANI .P
Level 1
Level 1

‎12-09-2015 04:03 AM - edited ‎02-21-2020 05:38 AM

Dear All ,

      We have a cisco asa 5525 firewall which is connected three internal network and one outside networks. 

DMZ  sec value 90 , inside sec value 80 , Client sec value 70 & outise value 0 .

We need to monitor the outside interface what are the Ip address are communicating & we need the logs to be stored on one place any syslog server , ftp server  etc . when facing any issue that time we need to analysis the logs.

I would requesting you all , Please advise me how to manage my firewall outisde interface logs in centrailzed one place  eg , syslog server , ftp server , ..

please share any supporting  documents too..

thank you for your valuable comments . 

0 Helpful
5 Replies 5

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-09-2015 07:12 AM

Logging all TCP and UDP connections can be VERY verbose on a firewall (10s or 100s of thousands of messages per day or more depending on your traffic levels).

That said, it can be done on a ASA as follows:

logging enable
logging buffered notifications
logging host inside <ip address of your syslog server reachable on the inside interface>

The second command sets the level of logs. Informational is severity level 6 and will include all tcp connections, udp flows and icmp messages.

0 Helpful

MANI .P
Level 1
Level 1
In response to Marvin Rhoads

‎12-09-2015 09:04 PM

Thank you Mr.Marvin , I need one more help & clarification . In My ASDM i can able to monitor the real time log viewer that how to configure to save automatically to my server or any centralized place storage . can you please advise me . 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to MANI .P

‎12-10-2015 07:35 PM

The ASDM log viewer is only for display in ASDM.

The exact same messages are available from the syslog facility using the commands I mentioned earlier.

0 Helpful

MANI .P
Level 1
Level 1
In response to Marvin Rhoads

‎12-10-2015 09:26 PM

Mr.Marvin , i could not get the logs in my syslog server ..

Pls check the below my running configuration.

logging enable
logging buffered debugging
logging trap debugging
logging asdm informational
logging host dmz 192.168.10.10 

my syslog server is 192.168.10.10  but so far i am not yet received any logs ..

Can you please help me 

0 Helpful

Marvin Rhoads
Hall of Fame
Hall of Fame
In response to MANI .P

‎12-11-2015 06:58 AM

Those are the correct commands.

Can you verify that the ASA can reach the logging server and that its connected on your DMZ network?

Can you verify the server is listening for syslog messages on the default port (udp/514)?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card