02-28-2013 01:32 AM - edited 03-11-2019 06:07 PM
Hi,
I want to set up a syslog server for capturing ASA logs. I have enabled logging through ASDM on an interface, directing it towards IP 192.168.x.x.
But what do I need to set up on 192.168.x.x to capture the logs? Where can I see those logs on the syslog server?
04-10-2013 06:45 AM
Hi Rahul Arya
Well, you install syslog server software.
There are many different syslog server packages out on the net.
Some are free to install and use, and some you have to pay for.
One that I like is the Kiwi syslog server (now from SolarWinds).
There are two versions available of that server: the paid one with some extra bells and whistles, and the free bare one.
One nice part is that it has the possibility to do Windows -> syslog logging with a little log forwarder.
Then you are going to need software to analyse the information in the syslog file.
I would start with grep (also software to be installed in Windows, but there is a "similar" command in Windows, the "Find" command).
Then you can go to more advanced software like Splunk and so on.
Good luck
HTH
02-28-2013 02:07 AM
Hi,
You naturally need software on the actual server that would handle the logs.
I imagine there are several software packages that can handle this.
Sadly I don't personally set up our servers, I just use them. I think we have Linux servers set up as syslog servers, and I use the CLI through an SSH connection to parse/filter through the logs I need.
- Jouni
02-28-2013 07:41 AM
The syslog server details vary, of course, depending on what server you are running. For rsyslog on Red Hat Enterprise Linux 6 I use a configuration similar to:
On the ASA:
logging enable
logging timestamp
logging buffer-size 40960
logging trap informational
logging facility 22
logging host AN-INTERFACE SYSLOG-IP
On the Linux box, in /etc/rsyslog.conf
$ModLoad imudp
$UDPServerRun 514
...
local6.* /var/log/asa/asa.log
Next you need some log rotation, log analysis, etc. And you have to do:
mkdir /var/log/asa
to create the destination.
The point of specifying the facility (22 aka local6) is to allow the firewall logs to be easily segregated from other logs.
-- Jim Leinweber, WI State Lab of Hygiene
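To see how the facility number ties the ASA side of that configuration to the rsyslog selector, here is an added example (not from the thread, and not Cisco or rsyslog code) that decodes the syslog PRI field of some constructed ASA lines: facility = PRI // 8 and severity = PRI % 8, so the ASA's `logging facility 22` produces local6, which is exactly what `local6.*` matches, and `logging trap informational` means only severity 6 (informational) and lower-numbered messages are sent. The sample log lines, the hostname fw01 and the addresses in them are constructed.

```python
import re
from typing import Optional

# Syslog facility numbers from RFC 3164; the ASA's "logging facility 22" is local6.
FACILITY_NAMES = {16: "local0", 17: "local1", 18: "local2", 19: "local3",
                  20: "local4", 21: "local5", 22: "local6", 23: "local7"}
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>, then timestamp/hostname, then the ASA message id "%ASA-<severity>-<id>:" and free text.
ASA_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<hdr>.*?)%ASA-(?P<sev>\d)-(?P<msgid>\d{6}):\s*(?P<text>.*)$")

def decode_pri(pri: int) -> tuple:
    """Split the PRI value into (facility, severity) as rsyslog does."""
    return pri // 8, pri % 8

def parse_asa_line(line: str) -> Optional[dict]:
    """Return a parsed record for an ASA syslog line, or None for anything else."""
    m = ASA_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m.group("pri")))
    return {
        "facility": FACILITY_NAMES.get(facility, str(facility)),
        "severity": SEVERITY_NAMES[severity],
        "msgid": m.group("msgid"),
        "text": m.group("text"),
        # The ASA repeats the severity inside the message id; a mismatch means
        # something between the firewall and this file rewrote the PRI.
        "sev_consistent": severity == int(m.group("sev")),
    }

def select(lines, facility="local6", max_severity=6):
    """Mimic the rsyslog selector local6.* plus the 'logging trap informational' cut-off."""
    out = []
    for line in lines:
        rec = parse_asa_line(line)
        if rec and rec["facility"] == facility and SEVERITY_NAMES.index(rec["severity"]) <= max_severity:
            out.append(rec)
    return out

# Constructed sample input: three ASA lines (PRI 176 + severity) and one unrelated sshd line.
SAMPLE = [
    "<182>Feb 28 2013 01:32:10 fw01 : %ASA-6-302013: Built outbound TCP connection 1234 for outside:203.0.113.5/443 (203.0.113.5/443) to inside:192.168.1.10/51234 (198.51.100.2/51234)",
    "<180>Feb 28 2013 01:32:11 fw01 : %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:192.168.1.20/22 by access-group \"outside_in\"",
    "<183>Feb 28 2013 01:32:12 fw01 : %ASA-7-609001: Built local-host inside:192.168.1.10",
    "<38>Feb 28 2013 01:32:13 srv01 sshd[2211]: Accepted publickey for jim from 192.168.1.50",
]
```

Running `select(SAMPLE)` keeps the 302013 and 106023 records and drops both the debug-level ASA line and the sshd line, which is the same segregation the `local6.*` rule performs before anything reaches /var/log/asa/asa.log; grep on that file then does the per-message-id filtering.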
03-01-2013 09:40 PM
Thanks for the replies
Apart from Linux, how can I capture logs on a Windows Server? What software should I be running?
04-09-2013 11:59 PM
How can it be configured on a Windows machine? Anyone?
04-10-2013 02:46 AM
There you go: http://www.lmgtfy.com/?q=syslog+server+windows
You can use one that costs or one that is free.
05-28-2013 10:14 PM
Thanks Hobbe
Kiwi did the job...