01-29-2009 05:12 AM
Hi all,
Does anyone know if the MARS can accept syslog over TCP? The issue is that I want the ASA to stop making new connections in case the connection is lost to the MARS.
Thanks in advance!
Regards,
Jesper
01-29-2009 09:48 AM
For the ASA:
MARS release 4.x and 5.x support syslog over UDP.
Release 6.x supports Syslog over UDP and Secure Syslog on TCP.
It does not support unsecured syslog on TCP.
01-29-2009 11:24 AM
Hi,
Thank you very much for the answer.
Does the optional 'secure' keyword in the 'logging host' command in ASA 8.x enable the same secure syslog that is supported in MARS release 6.x?
01-29-2009 01:32 PM
The configuration on MARS is in the bottom of the table located at:
And yes, SECURE is the keyword needed, but it only works if you specify TCP.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1751719
02-04-2009 12:54 PM
Additional related question - can Snare use this same secure syslog protocol to talk to MARS?
02-04-2009 01:15 PM
No. Secure Syslog is only supported from the ASA.
02-04-2009 01:18 PM
Thanks rajett - so as I understand it, MARS will only listen for syslog on UDP 514 in R6, with the exception being ASA, which uses secure syslog?
Thanks for the prompt replies.