Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
184
Views
1
Helpful
6
Replies

send Log ASA to Security Analytics and Logging for Secure Network

401
Level 1
Level 1

‎07-01-2025 06:31 PM


"I've configured syslog forwarding on my Cisco ASA to send logs to Secure Network Analytics, and the ASA's logging configuration is complete. However, I've noticed that the UDP TX counter for this destination is consistently at 3, which suggests logs aren't being sent successfully to Secure Network Analytics. Interestingly, syslogs are being sent to CSM without any issues. What steps should I take to diagnose and resolve this log delivery problem to Secure Network Analytics?"

ASA1111.png


0 Helpful
6 Replies 6

MHM Cisco World
VIP
VIP

‎07-01-2025 07:12 PM

Use Capture for traffic out from outside interface (or interface use to connect to server)
MHM

0 Helpful

401
Level 1
Level 1

‎07-01-2025 08:50 PM

is it necessary to add the ACL "access-list configuration OUTSIDE extended permit udp host <IP_interface_ASA> host <IP_SNA> eq 8514"

0 Helpful

MHM Cisco World
VIP
VIP
In response to 401

‎07-02-2025 01:40 AM

@401 wrote:

is it necessary to add the ACL "access-list configuration OUTSIDE extended permit udp host <IP_interface_ASA> host <IP_SNA> eq 8514"

In capture command you can specify host IP 

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/118097-configure-asa-00.html

MHM

0 Helpful

Aref Alsouqi
VIP
VIP
In response to 401

‎07-03-2025 01:24 AM

This is not a transit traffic passing through the firewall, instead it is generated by the firewall itself, so no need for an transit ACL for this to work.

401
Level 1
Level 1
In response to Aref Alsouqi

‎07-03-2025 07:16 PM

For syslog traffic that will be sent to SNA, does it go through the OUTSIDE Management IP or through the DATA IP?For syslog traffic that will be sent to SNA, does it go through the OUTSIDE Management IP or through the DATA IP?

0 Helpful

Aref Alsouqi
VIP
VIP
In response to 401

‎07-04-2025 01:30 AM

When you configure syslog on the ASA you define the interface name that you want it to be used to reach the remote syslog server. In your case it seems that you configured the outside interface. So, the ASA in your case tries to reach SNA out of the outside interface. If SNA is sitting somewhere else on your network and it's reachable via a different interface then you should change that configuration.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card