Syslogs filling up too fast due to ASA firewall events
We currently have a few ASAs deployed on our network, which send their syslogs to syslog servers, one of which is the LMS server. The ASA sends and receives syslogs on the other syslog servers just fine. When it comes to the LMS server, it does send the syslogs to the LMS server, as they are visible on the server side, but the syslog reports do not show up on the application side. The reports show up as "zero records." Despite restarting the daemon manager a number of times and setting a logging trap with severity 3 and above to retain at least serious firewall events, the syslogs cannot take the load and break the application. I have even tried setting a logging-rate limit to limit the syslogs being sent, but if Cisco claims that it can monitor up to 500 devices, then why does the application break from the load of security events on our ASA firewalls? I am aware I cannot do anything on the device itself to limit syslogs, only on the LMS application. Is there an application fix out there that can resolve this issue, like a possible filter in the application that can filter out firewall events?