I'm new to working with ASA. I don't know if someone can help me clarify my doubt. The firewall is:
IOS 9.0 (1)
ASDM v7.0 (2)
I want to know if there is a way to view logs generated days ago using ASDM. I know I can view them on the dashboard in real time, but I need to see past events. I think the only way is to send them to an FTP server. How can I do that configuration on the ASA?
I will be very grateful guys if some of you help me with that.
When you set an FTP server for logging, it only gets a set of log messages when the internal buffer is full. It won't get a file every time a syslog message happens - it would be infeasible to establish a TCP session, log in via FTP and then send a file per message.
The buffer size you use depends in part on how many messages you are generating, which can be moderated by making the severity threshold more or less high priority. For instance, if you have logging buffered information, you will get several syslog messages for every session or flow (TCP or UDP) through the firewall. That can result in tens of thousands of messages per hour. If on the other hand you are only logging error messages or higher, you may get very few messages.
Cisco typically recommends Warning level (Severity 4) as a default. Include lower severity levels (Notification, Informational or Debugging) only for troubleshooting purposes. If there's a specific message at one of those lower levels you want to see without all the other messages at that level, you can customize the severity of an individual message so that it shows up at a higher severity level. I do this sometimes for VPN authentications.
For a great session on ASA syslog as a tool, please have a listen to this TAC Security podcast episode:
Episode 32 - Investigating Syslogs: Tips and Tricks
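
The configuration discussed in this thread, as an added example that is not part of the original posts: buffer at Warning level, upload the buffer to an FTP server each time it wraps, and raise one lower-severity message so it is still captured. The server address (192.0.2.10), directory, credentials, buffer size and the choice of message 113004 (AAA user authentication successful, normally severity 6) are assumptions to replace with your own values.

```cisco
! --- Added example; all addresses, paths and credentials are placeholders ---

! Turn logging on and stamp each message with date and time,
! so messages inside an uploaded file can be placed in order.
logging enable
logging timestamp

! Keep only Warning (severity 4) and more severe messages in the
! internal buffer. Lower levels fill the buffer far faster.
logging buffered warnings

! Size of the internal buffer in bytes (assumed value). A larger
! buffer means fewer, larger files arrive on the FTP server.
logging buffer-size 1048576

! When the buffer fills and wraps, save its contents to FTP
! instead of silently overwriting the oldest messages.
logging ftp-bufferwrap

! FTP destination: server, directory, username, password.
! Use a dedicated low-privilege account with write access to
! this one directory only, since FTP sends credentials in clear text.
logging ftp-server 192.0.2.10 /asa-logs asa-logwriter REPLACE_WITH_PASSWORD

! Raise a single Informational message to Warning so it reaches the
! buffer without enabling every other severity 6 message.
! 113004 is the assumed message of interest here.
logging message 113004 level warnings

! Check the result from privileged EXEC mode:
!   show logging
!   show running-config logging
```

Files are written to the FTP directory only when the buffer wraps, with names in the form `LOG-YYYY-MM-DD-HHMMSS.TXT`, so on a quiet firewall logging at Warning level the most recent events may still be only in the buffer (`show logging`).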