
send Log ASA to Security Analytics and Logging for Secure Network

401
Level 1


"I've configured syslog forwarding on my Cisco ASA to send logs to Secure Network Analytics, and the ASA's logging configuration is complete. However, I've noticed that the UDP TX counter for this destination is consistently at 3, which suggests logs aren't being sent successfully to Secure Network Analytics. Interestingly, syslogs are being sent to CSM without any issues. What steps should I take to diagnose and resolve this log delivery problem to Secure Network Analytics?"

ASA1111.png



Use a capture for traffic going out of the outside interface (or the interface used to connect to the server).
MHM

401
Level 1

Is it necessary to add the ACL "access-list configuration OUTSIDE extended permit udp host <IP_interface_ASA> host <IP_SNA> eq 8514"?


@401 wrote:

Is it necessary to add the ACL "access-list configuration OUTSIDE extended permit udp host <IP_interface_ASA> host <IP_SNA> eq 8514"?


In the capture command you can specify the host IP.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

MHM
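The capture suggested in the replies above, written out as an added example that is not part of any poster's reply. The capture name SYSLOG_SNA is made up, OUTSIDE is assumed to be the egress interface toward the collector, and the two addresses are the thread's own placeholders.

```cisco
! Capture only the ASA's own syslog datagrams to the collector on UDP 8514
capture SYSLOG_SNA interface OUTSIDE match udp host <IP_interface_ASA> host <IP_SNA> eq 8514

! Confirm the configured logging destinations and their state
show logging

! List captures with their byte counts, then show the captured packets
show capture
show capture SYSLOG_SNA

! Remove the capture when finished
no capture SYSLOG_SNA
```

If the capture stays empty while events are being generated, check that the capture is on the interface the ASA actually uses to reach the collector.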

This is not transit traffic passing through the firewall; instead, it is generated by the firewall itself, so there is no need for a transit ACL for this to work.

For syslog traffic that will be sent to SNA, does it go through the OUTSIDE Management IP or through the DATA IP?
