Need information on logging ASA5505

Steven Couture
Level 1

Hello,

I need to learn about logging and viewing the logs on an ASA5505. I am new to this - in general, I think logging means to track all traffic inbound to the firewall and then save it somewhere so I can look at it to see what is going on. Can someone explain the theory to me? Like what information I should be watching for?

Thanks

Accepted Solutions

Marvin Rhoads
Hall of Fame

I recommend you have a listen to the TAC Security Podcast #32. It had an excellent talk all about ASA syslogs and how to use them. You can find it (and all the other episodes) here.

Syslogs are much more than just connection and access-list records, although they can include those too. You basically set severity levels you are interested in and send the logs to a log server where they are archived and searchable (and perhaps set up to take certain action such as alert an admin if something goes wrong).

Many people set their logging level too high and then proceed to not use the syslog since a firewall with logging level 6 will create a message for every single TCP session establishment and teardown. That can often mean hundreds of thousands or even millions of messages per day.

If you want an overview of the logging levels and how to set up logging in general, refer to this section of the configuration guide.
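
The volume point in the answer above, as an added example that is not part of the original post: this Python sketch reads the severity from each message's `%ASA-<severity>-<id>` tag and counts how many messages the firewall would send at each logging level. The sample lines are constructed; the hostname, addresses and ACL name are assumptions.

```python
import re
from collections import Counter

# Every ASA syslog message carries a tag of the form %ASA-<severity>-<id>:
ASA_TAG = re.compile(r"%ASA-([0-7])-(\d{6}):")
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# Constructed sample (not from a real device): hostname, ACL name and the
# documentation-range addresses are assumptions made for this example.
SAMPLE_LOG = """\
Jan 10 09:00:01 asa5505 %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.0.2.10/51000 (203.0.113.2/51000)
Jan 10 09:00:02 asa5505 %ASA-6-302014: Teardown TCP connection 1001 for outside:198.51.100.7/443 to inside:192.0.2.10/51000 duration 0:00:01 bytes 4312 TCP FINs
Jan 10 09:00:03 asa5505 %ASA-6-302013: Built outbound TCP connection 1002 for outside:198.51.100.8/80 (198.51.100.8/80) to inside:192.0.2.11/51001 (203.0.113.2/51001)
Jan 10 09:00:04 asa5505 %ASA-4-106023: Deny tcp src outside:198.51.100.99/40000 dst inside:192.0.2.10/23 by access-group "outside_in" [0x0, 0x0]
Jan 10 09:00:05 asa5505 %ASA-6-302014: Teardown TCP connection 1002 for outside:198.51.100.8/80 to inside:192.0.2.11/51001 duration 0:00:02 bytes 900 TCP FINs
Jan 10 09:00:06 asa5505 %ASA-5-111008: User 'admin' executed the 'configure terminal' command.
Jan 10 09:00:07 asa5505 %ASA-6-302013: Built outbound TCP connection 1003 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.0.2.12/51002 (203.0.113.2/51002)
Jan 10 09:00:08 asa5505 %ASA-6-302014: Teardown TCP connection 1003 for outside:198.51.100.7/443 to inside:192.0.2.12/51002 duration 0:00:01 bytes 2048 TCP FINs
"""

def parse(log_text):
    """Return (severity, message_id) for every line that carries an ASA tag."""
    matches = (ASA_TAG.search(line) for line in log_text.splitlines())
    return [(int(m.group(1)), m.group(2)) for m in matches if m]

def volume_by_level(events):
    """Messages sent at each logging level N (level N emits severity <= N)."""
    per_severity = Counter(sev for sev, _ in events)
    return {level: sum(n for sev, n in per_severity.items() if sev <= level)
            for level in range(8)}

def top_message_ids(events, n=3):
    """Most frequent message IDs, to see what dominates the volume."""
    return Counter(msg_id for _, msg_id in events).most_common(n)

if __name__ == "__main__":
    events = parse(SAMPLE_LOG)
    for level, count in volume_by_level(events).items():
        print(f"logging level {level} ({SEVERITY[level]}): {count} messages")
    print("most frequent message IDs:", top_message_ids(events))
```

On this sample, going from level 6 to level 5 drops the connection build and teardown records while the access-list deny and the configuration command are still logged.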

Thank you for your fast response Marvin - I will start here :)

johnlloyd_13
Level 9

Marvin,

This is great info! Bookmarked!
