02-23-2010 11:01 AM - edited 02-21-2020 03:53 AM
I know in the ASA5520 we use, I can create multiple syslog servers to send syslogs to. However, I am wondering, is there a way to segment the data? I.e., we have a "generic" syslog server that gets all the syslog data (including Informational), but I would like to create a second syslog entry on the ASA (pointing to a different IP address) and have it ONLY send specific message types.
Basically, I am wanting to have the messages related to the Botnet filtering sent to a different syslog server.
Is this possible?
02-23-2010 02:23 PM
Unfortunately, that cannot be configured.
The syslogs sent will be the same to all syslog servers.
http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html
PK
03-14-2010 03:46 PM
Here is a thought; maybe this might work for you.
Refer to this link for botnet:
https://supportforums.cisco.com/docs/DOC-8782
botnet syslogs
338001 - 338004
338101 - 338104
338201 - 338204
338301 - 338310
Refer to this link for logging commands: http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1772272
1. Configure a logging list, send it to the buffer, and wrap that to an FTP server
hostname(config)# logging list my-list message 338001-338004
hostname(config)# logging list my-list message 338101-338104
hostname(config)# logging list my-list message 338201-338204
hostname(config)# logging list my-list message 338301-338310
hostname(config)# logging buffered my-list
hostname(config)# logging ftp-server 10.10.10.1 /syslogs userid password
hostname(config)# logging ftp-bufferwrap
2. Then you can send other syslogs to another syslog server
hostname(config)# logging trap 3
hostname(config)# logging host inside 10.10.10.2
-KS
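Added example, not part of the original thread or any poster's code: a filter that could run on the "generic" syslog server to separate Botnet Traffic Filter messages from the rest, using the message ID ranges listed in the post above. The `%ASA-<severity>-<6-digit id>:` tag pattern is an assumption about the line format, and the sample lines are constructed.

```python
import re

# Botnet Traffic Filter message ID ranges, as listed in the post above.
BOTNET_RANGES = [(338001, 338004), (338101, 338104),
                 (338201, 338204), (338301, 338310)]

# Assumed ASA syslog tag: %ASA-<severity digit>-<6-digit message id>:
ASA_TAG = re.compile(r"%ASA-(\d)-(\d{6}):")


def asa_message_id(line):
    """Return (severity, message_id) for an ASA syslog line, else None."""
    m = ASA_TAG.search(line)
    return (int(m.group(1)), int(m.group(2))) if m else None


def is_botnet(line):
    """True only if the line carries an ID inside one of the listed ranges."""
    parsed = asa_message_id(line)
    if parsed is None:
        return False  # non-ASA or malformed line: never routed as botnet
    _, msg_id = parsed
    return any(lo <= msg_id <= hi for lo, hi in BOTNET_RANGES)


def split_stream(lines):
    """Split lines into (botnet, other), preserving arrival order."""
    botnet, other = [], []
    for line in lines:
        (botnet if is_botnet(line) else other).append(line)
    return botnet, other


# Constructed sample input (message text is placeholder, not real ASA output).
SAMPLE = [
    "<164>Feb 23 2010 11:01:00: %ASA-4-338002: constructed botnet filter event",
    "<166>Feb 23 2010 11:01:01: %ASA-6-302013: constructed connection event",
    "<164>Feb 23 2010 11:01:02: %ASA-4-338310: constructed botnet filter event",
    "<164>Feb 23 2010 11:01:03: %ASA-4-338005: constructed, ID outside ranges",
    "Feb 23 11:01:04 host sshd[1]: constructed non-ASA line",
]

if __name__ == "__main__":
    botnet, other = split_stream(SAMPLE)
    print(f"{len(botnet)} botnet line(s), {len(other)} other line(s)")
    for line in botnet:
        print("BOTNET:", line)
```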
11-21-2013 09:54 AM
I was wondering also if there is a way to send only specific log messages (defined by the logging list) to one server while still sending the rest to another syslog server?