Multiple Syslog Servers

don.click1 · ‎02-23-2010

I know in the ASA5520 we use, i can created multiple syslog servers to send syslogs to. However, I am

wondering, is there a way to segment the data? IE - We have a "generic" syslog server that gets all the syslog data (ncluding Informational), but I would like to create a second syslog entry on the ASA (pointing to a different IP address) and have it ONLY send specific message types.

Basically, I am wanting to have the messages related to the Botnet filtering send to a differnt syslog server.

Is this possible?

Panos Kampanakis · ‎02-23-2010

Unfortunately, that cannot be configured.

The syslogs sent will be the same to all syslog servers.

http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/monitor.html

PK

Kureli Sankar · ‎03-14-2010

Here is a thought may be this might work for you.

Refer this link for botnet:

https://supportforums.cisco.com/docs/DOC-8782

botnet syslogs

338001 - 338004

338101 - 338104

338201 - 338204

338301 - 338310

Refer this link for logging commands:http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1772272

1. configure a logging list and send it to buffer and wrap that to ftp server

hostname(config)# logging list my-list 338001 - 338004
hostname(config)# logging list my-list 338101 - 338104
hostname(config)# logging list my-list 338201 - 338204
hostname(config)# logging list my-list 338301 - 33831

hostname(config)# logging buffered my-list
hostname(config)# logging ftp-server 10.10.10.1 /syslogs userid password
hostname(config)# logging ftp-bufferwrap

2 Then you can send other syslogs to another syslog server

hostname(config)# logging trap 3
hostname(config)# logging host inside 10.10.10.2

-KS

dartgenov · ‎11-21-2013

I was wondering also if there is a way to send only specific log messages (defined by the logging list) to one server while still sending the rest to another syslog server?