Cisco ASA Netflow Configuration

Modified on Fri, 9 Aug at 4:12 PM

The following steps detail how Cisco ASA and PIX firewall logs can be sent to the CCE. You have two options: configure the firewall using the command line interface, or via the user interface.

Option 1: Configuring Cisco ASA using Command Line Interface

Telnet to the firewall and enter enable mode.


Type the following:

configure terminal

logging on

logging timestamp

logging trap informational

logging device-id {context-name | hostname | ipaddress interface_name | string text} 

logging host interface_name syslog_ip [17/syslog_port]


where,

interface_name is the interface on the firewall whose logs need to be analyzed ("inside" or "outside", for example).
syslog_ip is the IP address of the syslog server (the CCE host's IP address) to which the ASA firewall should send the syslogs.
17/<syslog_port> indicates that logs will be sent using the UDP protocol (IP protocol number 17) to the configured syslog port on the syslog server. If left blank, the syslogs are sent to the default syslog port (UDP port 514). If the logs are sent to any other port, specify it as 17/<port> (for example: 17/1514).
hostname is the firewall's host name (defined with the hostname configuration command). In this case, the hostname will appear in the logs sent from the firewall.
ipaddress interface_name is the IP address of the specific firewall interface named interface_name ("inside" or "outside", for example). In this case, that interface's IP address will appear in the logs sent from the firewall.
string text is an arbitrary text string (up to 16 characters). In this case, the string you entered will appear in the logs sent from the firewall.
context-name: when operating in multiple-context mode, the name of the firewall context will appear in the logs sent from the firewall.


Example: logging host inside 11.23.4.56 17/1514


To verify your configuration, enter the show logging command after the last command above. This lists the current logging configuration on the firewall.


Option 2: Configuring Cisco ASA from the User Interface

Log in to the Cisco user interface, and follow the steps below to configure the firewall:


  1. Enable Logging:
    1. Select Configure > Settings > Logging > Logging Setup.
    2. Select the Enable logging setup and Enable logging failover check boxes.
    3. Click Apply.
      Changes are applied to the assigned firewall configuration files when they are generated. The configuration files are then downloaded to firewalls at deployment.
  2. Configure Syslog Server:
    1. Select Configure > Settings > Logging > Syslog.
    2. Check Include Timestamp.
    3. Click Add to add a row.
    4. In the Add Syslog Server page that appears, enter the following:
      1. Interface Name - the firewall interface through which Firewall Analyzer can be reached; this can be either inside or outside.
      2. IP Address - the IP address of the syslog server (CCE host IP Address) to which logs have to be sent.
      3. Under Protocol, select the UDP radio button.
      4. The default UDP port is 514. If you have configured a different syslog listener port on your syslog server, enter the same port here.
    5. Click Apply.
  3. Configure Logging Level:
    1. Select Configure > Settings > Logging > Other.
    2. Under Console Level List, select Informational so that all report data is available.
    3. Click Apply.
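Whichever of the two options above you used, show logging only tells you what the firewall believes it is sending. The added example below (written for this article, not CCE's or Cisco's own code) checks the other end: it binds the collector's UDP port, parses ASA syslog datagrams, and audits a batch of lines against the settings prescribed here (timestamp on, device-id set, trap level informational, default facility). The assumed message layout "<PRI>[timestamp][ device-id] : %ASA-severity-id: text" and the default facility local4 (20) come from my own reading of ASA output, not from the article; the sample lines are constructed and use documentation addresses.

```python
import re
import socket
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# ASA severity levels as they appear in the message ID (%ASA-<severity>-<id>).
SEVERITY_NAMES = {
    0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
    4: "warnings", 5: "notifications", 6: "informational", 7: "debugging",
}
TRAP_LEVEL_INFORMATIONAL = 6   # matches "logging trap informational" above
LOCAL4 = 20                    # assumption: ASA's default syslog facility


@dataclass
class AsaMessage:
    facility: int             # from the <PRI> prefix: PRI // 8
    pri_severity: int         # from the <PRI> prefix: PRI % 8
    timestamp: Optional[str]  # present only when "logging timestamp" is on
    device_id: Optional[str]  # present only when "logging device-id" is set
    severity: int             # the digit in %ASA-<severity>-<id>
    msg_id: str               # six-digit ASA message number
    text: str


# Assumed layout: <PRI>[Mon DD YYYY HH:MM:SS][ device-id] : %ASA-S-NNNNNN: text
_LINE_RE = re.compile(r"^<(\d{1,3})>(.*?)%ASA-(\d)-(\d{6}):\s*(.*)$")
_TS_RE = re.compile(r"^\s*([A-Z][a-z]{2} \d{2} \d{4} \d{2}:\d{2}:\d{2})")


def parse_asa_syslog(line: str) -> Optional[AsaMessage]:
    """Parse one ASA syslog line; return None for anything that is not one."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group(1))
    header = m.group(2)
    ts_match = _TS_RE.match(header)
    timestamp = ts_match.group(1) if ts_match else None
    rest = header[ts_match.end():] if ts_match else header
    # What remains after the timestamp is "", ": " or " <device-id> : ".
    device = rest.strip().rstrip(":").strip() or None
    return AsaMessage(facility=pri // 8, pri_severity=pri % 8,
                      timestamp=timestamp, device_id=device,
                      severity=int(m.group(3)), msg_id=m.group(4),
                      text=m.group(5))


def audit_lines(lines: List[str],
                trap_level: int = TRAP_LEVEL_INFORMATIONAL) -> Dict[str, object]:
    """Check received lines against the logging configuration this article prescribes."""
    parsed = [parse_asa_syslog(line) for line in lines]
    msgs = [p for p in parsed if p is not None]
    return {
        "parsed": len(msgs),
        "unparsed": len(parsed) - len(msgs),
        "by_severity": dict(Counter(SEVERITY_NAMES[m.severity] for m in msgs)),
        # Messages above the trap level should not arrive at all if
        # "logging trap informational" is really in effect.
        "above_trap": [m.msg_id for m in msgs if m.severity > trap_level],
        "missing_timestamp": sum(1 for m in msgs if m.timestamp is None),
        "missing_device_id": sum(1 for m in msgs if m.device_id is None),
        "device_ids": sorted({m.device_id for m in msgs if m.device_id}),
        "pri_mismatch": sum(1 for m in msgs if m.pri_severity != m.severity),
        "facilities": sorted({m.facility for m in msgs}),
    }


def receive_one(port: int = 1514, timeout: float = 30.0) -> Optional[AsaMessage]:
    """Bind the collector port (17/1514 in the article's example) and parse the first datagram."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.bind(("0.0.0.0", port))
        try:
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            return None
    return parse_asa_syslog(data.decode("utf-8", errors="replace"))


# Constructed sample datagrams (not captured from a real firewall).
SAMPLE_LINES = [
    "<166>Aug 09 2024 16:12:01 asa-edge : %ASA-6-302013: Built inbound TCP connection 12345 "
    "for outside:203.0.113.10/51514 (203.0.113.10/51514) to inside:192.0.2.20/443 (192.0.2.20/443)",
    "<166>Aug 09 2024 16:12:02: %ASA-6-106015: Deny TCP (no connection) from 203.0.113.10/51514 "
    "to 192.0.2.20/443 flags RST on interface outside",
    "<164>Aug 09 2024 16:12:03 asa-edge : %ASA-4-106023: Deny tcp src outside:203.0.113.10/51515 "
    "dst inside:192.0.2.20/22 by access-group \"OUTSIDE_IN\"",
    "<167>Aug 09 2024 16:12:04 asa-edge : %ASA-7-609001: Built local-host inside:192.0.2.20",
    "not a syslog line",
]

if __name__ == "__main__":
    for key, value in audit_lines(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run it as-is to see the audit of the constructed lines; call receive_one() on the CCE host while the firewall is generating traffic to confirm datagrams actually arrive on the configured port. A non-empty above_trap list, a missing_device_id count, or a facility other than 20 each point at a specific line of the configuration above that did not take effect.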