cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10038
Views
0
Helpful
6
Replies

Send ASA5505 logs to Kiwi syslog server

Shaun Michelson
Level 1
Level 1

I'm trying to set this up but can't get it to work. Here is my config on the ASA:

logging enable
logging trap informational
logging asdm informational
logging host inside <ip address of syslog server>
logging permit-hostdown

My syslog server is reachable from the ASA, the syslog service is running and listening for UDP packets on port 514. Firewall is disabled on that port. Anyone know what I'm missing?

 

<Update>

I tried using Wireshark to see if the data was actually arriving, and it is, but it's being sent from the ASA using TLSv1, even though I've specified UDP in ASDM. Is there a way I can force it to use UDP using the command line?

Thanks,
Shaun

 

1 Accepted Solution

Accepted Solutions

I've had an instance where the ASA was correctly configured and Kiwi not displaying the received packets.

Deleting and re-adding the ASA as a configured source cleared it up. (You know you do need to define the sources and are limited  (to 5 IIRC) with the free Kiwi version - right?)

View solution in original post

6 Replies 6

Marvin Rhoads
Hall of Fame
Hall of Fame

That looks all OK.

Can you check a packet capture on the ASA filtering on traffic to your syslog server at the inside interface and confirm that messages are not being sent out from the ASA?

Sorry, I'm an idiot. The TLS traffic is from the ASDM and/or the SSH session I had open on the firewall.

 

I do see the syslog packets coming in from the ASA to my syslog server when running wireshark on the syslog server. But nothing is registering in the Kiwi syslog server application. Sounds like I need to consult that community (SolarWinds) instead. Unless anyone else has any helpful insights?

I've had an instance where the ASA was correctly configured and Kiwi not displaying the received packets.

Deleting and re-adding the ASA as a configured source cleared it up. (You know you do need to define the sources and are limited  (to 5 IIRC) with the free Kiwi version - right?)

Thanks, after looking at the Kiwi setup again, I did see where to actually define the sources. I appreciate the help!

Pablo
Cisco Employee
Cisco Employee

Hi Shaun,

Can you paste the output of "show run logging"?

Thanks.

__ __

Pablo

The output of sho run logging is in the first thread posting.

Review Cisco Networking for a $25 gift card