10-14-2010 11:20 AM - edited 03-11-2019 11:54 AM
I'm being asked to send logs from an ASA5510 to a syslog server on port 40991 that's behind an interface with a security level of 50.
At this point it's not working. The syslog server is 192.168.233.43 and it's behind an interface named APP with a security level of 50.
I thought that all that would be required is the following:
(config)logging host app 192.168.233.43 tcp/40991
Can someone please advise?
10-14-2010 12:20 PM
You also need
logging trap debug
or whatever level you need to send to the syslog server.
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1772754
-KS
10-14-2010 12:37 PM
And also make sure you have logging enable.
So to summarize:
logging enable
logging trap debug
logging host app 192.168.233.43 tcp/40991 (make sure the syslog server is listening on TCP 40991 and not on UDP port 514)
I hope it helps.
PK
10-14-2010 01:37 PM
Since the security level is 50 for the APP interface that the server is located behind, do I need an ACL?
10-14-2010 05:57 PM
Greg,
An ACL applied on the interface is only for "THROUGH" the box traffic. Syslog is "FROM and TO" the box traffic.
No need for an ACL. Just the logging on, logging trap and logging host lines are required.
Once done, issue "sh logg" and see if the firewall shows the number of log messages sent to the syslog server.
-KS
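The complete configuration for the case in this thread, written out as an added example (it is not a post from the thread, and the ASA was not tested by the thread's authors with exactly this set of lines). The interface name, server address and port are the ones from the question; `logging timestamp` and `logging permit-hostdown` are additions beyond what the replies list, and the comments explain why they are there.

```text
! Added example: ASA syslog to a TCP collector behind the APP interface.
! Turn logging on; without this none of the other lines produce output.
logging enable
! Stamp each message so the collector can order events even if it buffers.
logging timestamp
! Severity to send to the syslog host (debugging = level 7, everything).
logging trap debugging
! Interface name, server IP and protocol/port from the question.
! TCP syslog only works if the server actually listens on TCP 40991;
! a server left on its default UDP 514 will receive nothing.
logging host APP 192.168.233.43 tcp/40991
! Caveat specific to TCP syslog: by default the ASA refuses new through-the-box
! connections when it cannot reach a TCP syslog host. This line keeps traffic
! flowing while the collector is down (at the cost of losing those messages).
logging permit-hostdown
! Verification, from privileged EXEC: the output shows the trap level, the
! configured host, and a running count of messages sent to it.
! show logging
```

No ACL entry is needed for this traffic: the messages originate from the ASA itself, and interface ACLs only govern traffic passing through the box. If `show logging` shows the host but the sent counter stays at zero, the usual cause is the server side (wrong protocol or port, or a host firewall on 192.168.233.43); a packet capture on the APP interface for TCP port 40991 shows whether the SYN leaves the ASA and whether the server answers. `debugging` is the most verbose level and can produce a large volume on a busy 5510; many deployments settle on `informational` once the path is confirmed working.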