12-09-2015 04:03 AM - edited 02-21-2020 05:38 AM
Dear All,
We have a Cisco ASA 5525 firewall which is connected to three internal networks and one outside network.
DMZ sec value 90, inside sec value 80, Client sec value 70 & outside value 0.
We need to monitor the outside interface to see which IP addresses are communicating, and we need the logs to be stored in one place (any syslog server, FTP server, etc.) so that when we face any issue we can analyse the logs.
I would request you all, please advise me how to manage my firewall outside interface logs in one centralized place, e.g. a syslog server, FTP server, ...
Please share any supporting documents too.
Thank you for your valuable comments.
12-09-2015 07:12 AM
Logging all TCP and UDP connections can be VERY verbose on a firewall (10s or 100s of thousands of messages per day or more depending on your traffic levels).
That said, it can be done on an ASA as follows:
logging enable
logging buffered notifications
logging host inside <ip address of your syslog server reachable on the inside interface>
The second command sets the level of logs. Informational is severity level 6 and will include all TCP connections, UDP flows and ICMP messages.
12-09-2015 09:04 PM
Thank you Mr. Marvin, I need one more help and clarification. In my ASDM I am able to monitor the real-time log viewer; how do I configure it to save automatically to my server or any centralized storage place? Can you please advise me.
12-10-2015 07:35 PM
The ASDM log viewer is only for display in ASDM.
The exact same messages are available from the syslog facility using the commands I mentioned earlier.
12-10-2015 09:26 PM
Mr. Marvin, I could not get the logs in my syslog server.
Please check my running configuration below.
logging enable
logging buffered debugging
logging trap debugging
logging asdm informational
logging host dmz 192.168.10.10
My syslog server is 192.168.10.10 but so far I have not received any logs.
Can you please help me?
12-11-2015 06:58 AM
Those are the correct commands.
Can you verify that the ASA can reach the logging server and that it's connected on your DMZ network?
Can you verify the server is listening for syslog messages on the default port (udp/514)?
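As an added example (not posted by anyone in this thread), here is a minimal Python collector that listens on udp/514, appends every datagram to a file, and a parser that counts which addresses appear on the outside interface in the ASA 302013/302015 "Built ... connection" messages that informational-level logging produces. The regex and the sample messages are constructed for this example; addresses come from documentation ranges.

```python
import re
import socket
from collections import Counter

# Field layout of ASA message 302013 (TCP) / 302015 (UDP):
# Built {inbound|outbound} PROTO connection N for IF:real_ip/port (mapped_ip/port)
#   to IF:real_ip/port (mapped_ip/port). Regex written for this example.
CONN_RE = re.compile(
    r"%ASA-(?P<sev>\d)-(?P<msgid>30201[35]): Built (?P<dir>inbound|outbound) "
    r"(?P<proto>TCP|UDP) connection \d+ for "
    r"(?P<if_a>[\w-]+):(?P<ip_a>[\d.]+)/(?P<port_a>\d+) \([\d.]+/\d+\) to "
    r"(?P<if_b>[\w-]+):(?P<ip_b>[\d.]+)/(?P<port_b>\d+) \([\d.]+/\d+\)"
)

# Constructed sample syslog lines (what the ASA would send to 192.168.10.10).
SAMPLE_LINES = [
    "%ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.5/51234 "
    "(203.0.113.5/51234) to dmz:192.168.10.20/443 (198.51.100.1/443)",
    "%ASA-6-302015: Built outbound UDP connection 1002 for inside:10.0.0.15/53001 "
    "(198.51.100.1/53001) to outside:203.0.113.53/53 (203.0.113.53/53)",
    "%ASA-6-302013: Built inbound TCP connection 1003 for outside:203.0.113.5/51235 "
    "(203.0.113.5/51235) to dmz:192.168.10.20/443 (198.51.100.1/443)",
    "%ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.5/51234 "
    "to dmz:192.168.10.20/443 duration 0:00:03 bytes 1420 TCP FINs",
]

def parse_connection(line):
    """Return the interface/address fields of a Built-connection message, or None."""
    m = CONN_RE.search(line)
    return m.groupdict() if m else None

def outside_peers(lines, iface="outside"):
    """Count remote addresses seen on the named interface across all lines."""
    peers = Counter()
    for line in lines:
        conn = parse_connection(line)
        if conn is None:
            continue
        if conn["if_a"] == iface:
            peers[conn["ip_a"]] += 1
        elif conn["if_b"] == iface:
            peers[conn["ip_b"]] += 1
    return peers

def receive_syslog(path, bind_ip="0.0.0.0", port=514, count=None):
    """Append each UDP syslog datagram to `path`; binding to 514 needs root."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    received = 0
    with open(path, "a") as out:
        while count is None or received < count:
            data, (src, _) = sock.recvfrom(4096)
            out.write(f"{src} {data.decode(errors='replace').rstrip()}\n")
            out.flush()
            received += 1
```

Run receive_syslog("asa.log") on the server at 192.168.10.10, then feed the saved lines to outside_peers to list the outside-interface talkers; if nothing arrives, that is the reachability or listening-port problem the reply above asks you to check.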