Topics Discussed
Error rendering macro 'excerpt-include' : No link could be created for 'ESLP:Permissions for Log Relay and Remote Log Collection (snippet)'.
You can use this document to send Cisco Adaptive Secure Appliance (ASA) logs to Armor's Security Information & Event Management (SIEM).
This document only applies to:
- Cisco Adaptive Secure Appliance (ASA) 8.X
- Cisco Adaptive Secure Appliance (ASA) 9.X
Pre-Deployment Considerations
To create a remote Log Relay, you must already have:
- A Log Relay server on your account
- To learn how to add Log Relay to your account, see Obtain Log Relay for Remote Log Collection
- Configured the system clock
Update your Cisco ASA device
Troubleshooting
Verify that logs are formatted correctly, similar to the following example:
May 22 2019 16:11:55 asav-984 : %ASA-4-411004: Interface Management0/0, changed state to administratively down