Solved: Set up a SYSLOG Server - ASA

aryarahul · ‎02-28-2013

Hi,

I want to set up a syslog server for capturing ASA logs , i have enabled logging through ASDM on an interface directing towards ip 192.168.x.x

But what do i need to set up on 192.168.x.x to capture the logs ?? where can i see those logs on the syslog server ???

hobbe · ‎04-10-2013

Hi Rahul Arya

Well you install a syslog server software

There are many different syslog server software out on the net.

Some are free to install and use and some you have to pay for.

One that I like is the Kiwi syslog server. (now from solarwinds)

There are two versions available of that server, the paid with some extra bells and whistles and the free bare one.

One nice part is that it has the possibility to do windows -> syslog logging with a little log forwarder.

Then you are going to need software to analyse the information in the syslog file.

I would start with grep (also software to be installed in windows. but there is a "similar" command in windows. the "Find" command.

Then you can go to more advanced software like splunk and so on.

Good luck

HTH

View solution in original post

Jouni Forss · ‎02-28-2013

Hi,

You naturally need a software on the actual server that would handle the logs.

I imagine there are several softwares that can handle handle this.

Sadly I dont personally set up our servers, I just use them. I think we have Linux servers setup as Syslog servers and I use the CLI through SSH connection to parse/filter through the logs I need.

- Jouni

James Leinweber · ‎02-28-2013

The syslog server details vary, of course, depending one what server you are running. For rsyslog on Redhat enterprise 6 I use a configuration similar to:

On the ASA:

logging enable

logging timestamp

logging buffer-size 40960

logging trap informational

logging facility 22

logging host AN-INTERFACE SYSLOG-IP

On the Linux box, in /etc/rsyslog.conf

$ModLoad imudp

$UDPServerRun 514

...

local6.* /var/log/asa/asa.log

Next you need some log rotation, log analysis, etc. And you have to do:

mkdir /var/log/asa

to create the destination.

The point of specifying the facility (22 aka local6) is to allow the firewall logs to be easily segregated from other logs.

-- Jim Leinweber, WI State Lab of Hygiene

aryarahul · ‎03-01-2013

Thanks for the replies

apart from linux how can i capture logs in a Windows Server , what softwares should i be running ??

aryarahul · ‎04-09-2013

how can it be configured on a windows Machine anyone ???

patoberli · ‎04-10-2013

There you go: http://www.lmgtfy.com/?q=syslog+server+windows

You can use one that costs or one that is free.

hobbe · ‎04-10-2013