01-30-2015 08:37 AM - edited 03-11-2019 10:25 PM
I'm trying to set this up but can't get it to work. Here is my config on the ASA:
logging enable
logging trap informational
logging asdm informational
logging host inside <ip address of syslog server>
logging permit-hostdown
My syslog server is reachable from the ASA, the syslog service is running and listening for UDP packets on port 514. Firewall is disabled on that port. Anyone know what I'm missing?
<Update>
I tried using Wireshark to see if the data was actually arriving, and it is, but it's being sent from the ASA using TLSv1, even though I've specified UDP in ASDM. Is there a way I can force it to use UDP using the command line?
Thanks,
Shaun
01-30-2015 12:18 PM
That looks all OK.
Can you check a packet capture on the ASA filtering on traffic to your syslog server at the inside interface and confirm that messages are not being sent out from the ASA?
02-02-2015 01:08 PM
Sorry, I'm an idiot. The TLS traffic is from the ASDM and/or the SSH session I had open on the firewall.
I do see the syslog packets coming in from the ASA to my syslog server when running Wireshark on the syslog server. But nothing is registering in the Kiwi syslog server application. Sounds like I need to consult that community (SolarWinds) instead. Unless anyone else has any helpful insights?
02-02-2015 07:53 PM
I've had an instance where the ASA was correctly configured and Kiwi not displaying the received packets.
Deleting and re-adding the ASA as a configured source cleared it up. (You know you do need to define the sources and are limited (to 5 IIRC) with the free Kiwi version - right?)
02-03-2015 06:52 AM
Thanks, after looking at the Kiwi setup again, I did see where to actually define the sources. I appreciate the help!
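An added example, not part of any post in this thread: a minimal stand-alone UDP receiver for the syslog host, useful for separating "datagrams reach the host" (what Wireshark showed) from "the syslog application accepts them". The sample message, the addresses in it and the function names are constructed for illustration; the `<PRI>` layout follows RFC 3164 and the `%ASA-level-id` tag is the ASA's standard message prefix.

```python
import re
import socket

# <PRI> then optional timestamp/device-id, then the ASA tag %ASA-<level>-<id>:
ASA_RE = re.compile(r"^<(\d{1,3})>(.*?)%ASA-(\d)-(\d+): (.*)$", re.S)

def parse_asa_syslog(datagram: bytes):
    """Return the decoded fields of an ASA syslog datagram, or None if malformed."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = ASA_RE.match(text)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:                      # highest valid PRI: facility 23, severity 7
        return None
    return {
        "facility": pri >> 3,          # PRI = facility * 8 + severity
        "severity": pri & 7,
        "asa_level": int(m.group(3)),  # level embedded in the ASA tag
        "message_id": m.group(4),
        "text": m.group(5),
    }

def receive(bind_addr="0.0.0.0", port=514, expected_source=None,
            count=5, timeout=30.0):
    """Collect up to `count` datagrams and record who sent each one."""
    results = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind((bind_addr, port))
        try:
            while len(results) < count:
                data, (src, _sport) = s.recvfrom(8192)
                results.append({
                    "source": src,
                    "from_expected": expected_source in (None, src),
                    "parsed": parse_asa_syslog(data),
                })
        except socket.timeout:
            pass                       # nothing (more) arrived within the window
    return results

if __name__ == "__main__":
    # Constructed sample, parsed offline; call receive() to listen for live traffic.
    sample = (b"<166>Jan 30 2015 08:37:00: %ASA-6-302013: Built outbound TCP "
              b"connection 1 for outside:192.0.2.10/443 to inside:10.0.0.5/50000\n")
    print(parse_asa_syslog(sample))
```

To listen for live traffic, stop the existing syslog service first so UDP 514 is free to bind, then call `receive(expected_source=...)` with the ASA's inside address. Datagrams that show up here with the expected source and a parsed message ID point to the receiving application's own source or filter settings rather than the ASA or the network.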
01-30-2015 02:30 PM
Hi Shaun,
Can you paste the output of "show run logging"?
Thanks.
Pablo
02-02-2015 12:07 PM
The output of sho run logging is in the first thread posting.