{"id":174,"date":"2014-07-30T13:35:09","date_gmt":"2014-07-30T17:35:09","guid":{"rendered":"http:\/\/jackhanington.com\/blog\/?p=174"},"modified":"2015-06-15T13:41:19","modified_gmt":"2015-06-15T17:41:19","slug":"sysloging-cisco-asa-firewall","status":"publish","type":"post","link":"https:\/\/jackhanington.com\/blog\/2014\/07\/30\/sysloging-cisco-asa-firewall\/","title":{"rendered":"Set up Syslogging on Cisco ASA Firewall"},"content":{"rendered":"

The purpose of this post is to guide you on how to set up syslogging on a Cisco ASA firewall so you can ship your logs to a centralized log server like the ELK stack (Elasticsearch, Logstash and Kibana). This configuration guide is done using the ASDM (GUI).<\/p>\n

Here is an example of what a Cisco syslog looks like…<\/p>\n

%ASA-4-106023: Deny tcp src outside:109.230.217.95\/24069 dst inside:164.32.112.125\/25 by access-group \"PERMIT_IN\" [0x0, 0x0]\"\r\n<\/pre>\n
The Cisco message above shows that the IP of 109.230.217.95<\/a> was denied access to a blocked SMTP port based on the access group “PERMIT_IN” for the public IP address of\u00a0164.32.112.125.<\/p>\n
Here are the settings to tell our Firewall to send syslogs to our centralized log service. Open up your ASDM and log into your firewall.<\/p>\n
\"\"<\/a><\/p>\n
Click the configuration button on the\u00a0top
\n\"Configuration\"<\/a><\/p>\n
Click \u201cDevice Management”
\n\"Device<\/a><\/p>\n
Expand \u201cLogging\u201d and click \u201cSyslog Servers\u201d
\n\"Syslog<\/a><\/p>\n
On the right side click \u201cAdd\u201d, choose the inside interface, type in the IP of the machine you want to ship logs to, select UDP, type in your port and click OK.
\n\"Add<\/a><\/p>\n
Click \u201cLogging Setup\u201d, select \u201cEnable logging\u201d and click apply.
\n\"Enable\"<\/a><\/p>\n
Click \u201cLogging Filters\u201d, double click \u201cSyslog Servers\u201d, check \u201cFilter on severity\u201d, select the type of logs you want to receive and click OK.
\n\"Logging<\/a><\/p>\n
Here is an explanation of the different logging levels with Cisco products.
\n\"Cisco<\/a><\/p>\n
Now just save your running config to the startup config and you will now start seeing your logs on your centralized log server.<\/p>\n","protected":false},"excerpt":{"rendered":"
The purpose of this post is to guide you on how to set up syslogging on a Cisco ASA firewall so you can ship your logs to a centralized log server like the ELK stack (Elasticsearch, Logstash and Kibana). This configuration guide is done using the ASDM (GUI). Here is an example of what a…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[20,3,40],"tags":[],"class_list":["post-174","post","type-post","status-publish","format-standard","hentry","category-blog","category-information-technology","category-networking"],"_links":{"self":[{"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/posts\/174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/comments?post=174"}],"version-history":[{"count":35,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/posts\/174\/revisions"}],"predecessor-version":[{"id":299,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/posts\/174\/revisions\/299"}],"wp:attachment":[{"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/media?parent=174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/categories?post=174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jackhanington.com\/blog\/wp-json\/wp\/v2\/tags?post=174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}