Syslog Server

Lake
Level 1

Hi Guys,

 

I would like to configure our ASA firewall to send all its logs to a syslog server. Does anyone know of a good syslog server which I can use? Any help would be greatly appreciated.

 

Thanks,

Lake

5 Replies

Seb Rupik
VIP Alumni

Hi there,

At the most simple end of the spectrum, just configure a syslog service on a BSD/Linux box. This setup would require a little effort to search and parse the logs once collected.

At the other end, take a look at graylog: https://www.graylog.org/ . This is slightly more complicated to set up, but searching the logs is a breeze!

 

...both are free and should provide you with what you need.

 

cheers,

Seb.

Thank you very much.

 

Patrick.Bryant
Level 1

Please confirm my conclusion: although a USB drive can be mounted on the ASA 5506W-X firewall as "disk1:", there is no way to redirect syslog to this device?

 

If that's true, it's a real bummer since we are using the firewall in the field (outside a data center) and it means we will have to drag another box along with us. Sending syslog to a remote server isn't an option since Internet connectivity isn't continuous.

There is another option for your situation: use the logging flash-bufferwrap command. This will save the existing buffer to the internal flash before it begins to be overwritten with new logs.

You could then use a script to periodically scrape these .TXT files off the ASA and delete them when completed.

Your next challenge would then be to inject these logs into your syslog server...?

 

cheers,

Seb.
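
Added example, not part of the original thread and not Cisco code: one way to do the "inject" step, replaying a saved buffer file that has already been copied off the ASA to a syslog collector over UDP. The function names, the sample file name and the sample log lines are constructed for illustration, and the PRI value assumes the ASA's default facility of 20 (local4).

```python
import re
import socket
import tempfile
from pathlib import Path

# ASA message tag, e.g. "%ASA-6-302013:"; the digit after "ASA-" is the severity.
ASA_TAG = re.compile(r"%ASA-([0-7])-(\d{6}):")
LOCAL4 = 20  # assumption: the ASA is left on its default syslog facility

def to_datagram(line, facility=LOCAL4):
    """Prefix a saved ASA line with its syslog PRI; return None for non-ASA lines."""
    line = line.strip()
    m = ASA_TAG.search(line)
    if m is None:
        return None  # blank line or stray text: nothing to classify
    pri = facility * 8 + int(m.group(1))
    # The original timestamp stays in the body so the event time survives the delay.
    return f"<{pri}>{line}".encode("utf-8", "replace")

def udp_sender(server, port=514):
    """Return a send(datagram) callable bound to one collector address."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    return lambda datagram: sock.sendto(datagram, (server, port))

def forward_file(path, send):
    """Replay one saved buffer file; return (sent, skipped) so the caller can
    decide whether the file is safe to delete."""
    sent = skipped = 0
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            datagram = to_datagram(line)
            if datagram is None:
                skipped += 1
            else:
                send(datagram)
                sent += 1
    return sent, skipped

# Constructed sample content for one saved buffer file.
SAMPLE = """\
Mar 04 2019 10:15:02: %ASA-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.0.0.5/51000 (203.0.113.1/51000)
Mar 04 2019 10:15:09: %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.0.0.5/22 by access-group "outside_in" [0x0, 0x0]

not an ASA message
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        saved = Path(d) / "LOG-2019-03-04-101600.TXT"  # constructed file name
        saved.write_text(SAMPLE)
        # Dry run: print the datagrams; pass udp_sender("collector-host") to send.
        print(forward_file(saved, print))
```

UDP gives no delivery confirmation, so keep the copied files until the collector shows the replayed events.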

Thanks Seb

 
