The purpose of this post is to guide you on how to set up syslogging on a Cisco ASA firewall so you can ship your logs to a centralized log server like the ELK stack (Elasticsearch, Logstash and Kibana). This configuration guide is done using the ASDM (GUI).
Here is an example of what a Cisco syslog looks like…
%ASA-4-106023: Deny tcp src outside:220.127.116.11/24069 dst inside:18.104.22.168/25 by access-group "PERMIT_IN" [0x0, 0x0]
The Cisco message above shows that the source IP 22.214.171.124 was denied access to SMTP (port 25), which is blocked by the access group "PERMIT_IN", on the public IP address 126.96.36.199. The header carries the severity (4, warning) and the message ID (106023), and the body carries the protocol, source and destination interface, IP and port, and the name of the access list that matched.
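As an added example that is not part of the original post, here is a small Python parser for the message format above, of the kind you would use to check that the central log server is extracting the right fields from an ASA deny message. The first sample line is the post's own; the second and third lines and the field names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample feed: the post's own 106023 line plus two made-up lines
# (one more ACL deny and one connection-built message with a different ID).
SAMPLE_LOGS = [
    '%ASA-4-106023: Deny tcp src outside:220.127.116.11/24069 dst inside:18.104.22.168/25 by access-group "PERMIT_IN" [0x0, 0x0]',
    '%ASA-4-106023: Deny udp src outside:203.0.113.7/5353 dst inside:192.0.2.10/53 by access-group "PERMIT_IN" [0x0, 0x0]',
    '%ASA-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.5/4444 (198.51.100.5/4444) to inside:192.0.2.20/443 (192.0.2.20/443)',
]

# Header common to every ASA syslog message: %ASA-<severity>-<message id>: <body>
HEADER_RE = re.compile(r"^%ASA-(?P<severity>[0-7])-(?P<msg_id>\d{6}): (?P<body>.*)$")

# Body of message 106023 (ACL deny), matching the layout of the post's example.
# The trailing "[0x0, 0x0]" hit counters are deliberately left unparsed.
DENY_RE = re.compile(
    r"^Deny (?P<proto>\w+) src (?P<src_if>[^:]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r'by access-group "(?P<acl>[^"]+)"'
)


def parse_asa(line):
    """Return a dict of fields for one ASA syslog line, or None if it is not ASA-formatted."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    event = {"severity": int(m.group("severity")), "msg_id": m.group("msg_id"), "body": m.group("body")}
    if event["msg_id"] == "106023":
        d = DENY_RE.match(event["body"])
        if d:
            event.update(d.groupdict())
            event["src_port"] = int(event["src_port"])
            event["dst_port"] = int(event["dst_port"])
    return event


def deny_counts_by_source(lines):
    """Count ACL denies (message 106023) per source IP across a batch of lines."""
    counts = Counter()
    for line in lines:
        event = parse_asa(line)
        if event and event.get("msg_id") == "106023" and "src_ip" in event:
            counts[event["src_ip"]] += 1
    return dict(counts)


if __name__ == "__main__":
    for line in SAMPLE_LOGS:
        print(parse_asa(line))
    print(deny_counts_by_source(SAMPLE_LOGS))
```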
Here are the settings to tell our Firewall to send syslogs to our centralized log service. Open up your ASDM and log into your firewall.
Now just save your running config to the startup config, and you will start seeing your logs on your centralized log server.