Re: send Log ASA to Security Analytics and Logging for Secure Network

401 · ‎07-01-2025

"I've configured syslog forwarding on my Cisco ASA to send logs to Secure Network Analytics, and the ASA's logging configuration is complete. However, I've noticed that the UDP TX counter for this destination is consistently at 3, which suggests logs aren't being sent successfully to Secure Network Analytics. Interestingly, syslogs are being sent to CSM without any issues. What steps should I take to diagnose and resolve this log delivery problem to Secure Network Analytics?"

MHM Cisco World · ‎07-01-2025

Use Capture for traffic out from outside interface (or interface use to connect to server)
MHM

401 · ‎07-01-2025

is it necessary to add the ACL "access-list configuration OUTSIDE extended permit udp host <IP_interface_ASA> host <IP_SNA> eq 8514"

MHM Cisco World · ‎07-02-2025

@401 wrote:

is it necessary to add the ACL "access-list configuration OUTSIDE extended permit udp host <IP_interface_ASA> host <IP_SNA> eq 8514"

In capture command you can specify host IP

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

MHM

Aref Alsouqi · ‎07-03-2025

This is not a transit traffic passing through the firewall, instead it is generated by the firewall itself, so no need for an transit ACL for this to work.

401 · ‎07-03-2025

For syslog traffic that will be sent to SNA, does it go through the OUTSIDE Management IP or through the DATA IP?For syslog traffic that will be sent to SNA, does it go through the OUTSIDE Management IP or through the DATA IP?