07-01-2025 06:31 PM
"I've configured syslog forwarding on my Cisco ASA to send logs to Secure Network Analytics, and the ASA's logging configuration is complete. However, I've noticed that the UDP TX counter for this destination is consistently at 3, which suggests logs aren't being sent successfully to Secure Network Analytics. Interestingly, syslogs are being sent to CSM without any issues. What steps should I take to diagnose and resolve this log delivery problem to Secure Network Analytics?"
07-01-2025 07:12 PM
Use Capture for traffic out from outside interface (or interface use to connect to server)
MHM
07-01-2025 08:50 PM
is it necessary to add the ACL "access-list configuration OUTSIDE extended permit udp host <IP_interface_ASA> host <IP_SNA> eq 8514"
07-02-2025 01:40 AM
@401 wrote:
is it necessary to add the ACL "access-list configuration OUTSIDE extended permit udp host <IP_interface_ASA> host <IP_SNA> eq 8514"
In capture command you can specify host IP
MHM
07-03-2025 01:24 AM
This is not a transit traffic passing through the firewall, instead it is generated by the firewall itself, so no need for an transit ACL for this to work.
07-03-2025 07:16 PM
For syslog traffic that will be sent to SNA, does it go through the OUTSIDE Management IP or through the DATA IP?For syslog traffic that will be sent to SNA, does it go through the OUTSIDE Management IP or through the DATA IP?
07-04-2025 01:30 AM
When you configure syslog on the ASA you define the interface name that you want it to be used to reach the remote syslog server. In your case it seems that you configured the outside interface. So, the ASA in your case tries to reach SNA out of the outside interface. If SNA is sitting somewhere else on your network and it's reachable via a different interface then you should change that configuration.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide