Create a Remote Log Source - Cisco ASA


You can use this document to send Cisco Adaptive Secure Appliance (ASA) logs to Armor's Security Information & Event Management (SIEM).

This document only applies to:

  • Cisco Adaptive Secure Appliance (ASA) 8.X

  • Cisco Adaptive Secure Appliance (ASA) 9.X


Pre-Deployment Considerations


To create a remote Log Relay, you must already have:


Update your Cisco ASA device


  1. Log into your Cisco ASA device.

  2. Access the privileged EXEC mode:

    hostname> enable
  3. Access the global configuration mode:

    hostname# configure terminal
  4. Enable logging:

    hostname(config)# logging enable
  5. Configure the global logging settings:

    hostname(config)# logging timestamp
    hostname(config)# logging trap warning
    hostname(config)# logging asdm warning
    hostname(config)# logging device-id hostname
  6. Configure logs to be sent to a designated Armor Log Relay device:

    hostname(config)# logging host <interface> <ipaddress> <protocol/port>

  7. To ensure that the log messages use the IP address and not the object names, disable the output object name option:

    hostname(config)# no names
  8. Exit the configuration:

    hostname(config)# exit
  9. Save the changes:

    hostname# write memory
  10. Review the logging configuration:

    hostname# show run all logging
    logging enable
    logging timestamp
    logging hide username
    logging buffer-size 4096
    logging asdm-buffer-size 100
    logging buffered warnings
    logging trap warnings
    logging asdm warnings
    logging device-id hostname
    logging host inside 100.64.0.10 17/5140
    logging flash-minimum-free 3076
    logging flash-maximum-allocation 1024
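
The review in step 10 can be scripted. The following is an added example, not part of Armor's or Cisco's tooling: it checks saved `show run all logging` output for the settings from steps 4 and 5 and decodes the `logging host` transport (17 is UDP, 6 is TCP). The function names and the relay address passed in are assumptions for illustration.

```python
import re

# Sample input: the `show run all logging` output shown in step 10 of this page.
SAMPLE = """\
logging enable
logging timestamp
logging hide username
logging buffer-size 4096
logging asdm-buffer-size 100
logging buffered warnings
logging trap warnings
logging asdm warnings
logging device-id hostname
logging host inside 100.64.0.10 17/5140
logging flash-minimum-free 3076
logging flash-maximum-allocation 1024
"""

# Steps 4 and 5 as the running configuration prints them.
REQUIRED = ("logging enable", "logging timestamp", "logging trap warnings",
            "logging asdm warnings", "logging device-id hostname")
# IP protocol numbers the ASA uses in `logging host` lines.
PROTOCOLS = {"6": "tcp", "17": "udp"}
HOST_RE = re.compile(r"logging host (\S+) (\S+)(?:\s+(\d+)/(\d+))?")

def parse_logging_hosts(config):
    """Return (interface, ip, protocol, port) for every `logging host` line."""
    hosts = []
    for line in config.splitlines():
        m = HOST_RE.match(line.strip())
        if not m:
            continue
        iface, ip, proto, port = m.groups()
        if proto is None:  # no protocol/port given: the ASA default is UDP 514
            proto, port = "17", "514"
        hosts.append((iface, ip, PROTOCOLS.get(proto, proto), int(port)))
    return hosts

def audit(config, relay_ip):
    """Hypothetical helper: list what is missing for forwarding to relay_ip."""
    lines = {line.strip() for line in config.splitlines()}
    findings = [f"missing: {req}" for req in REQUIRED if req not in lines]
    if not any(ip == relay_ip for _, ip, _, _ in parse_logging_hosts(config)):
        findings.append(f"no logging host entry for relay {relay_ip}")
    return findings

if __name__ == "__main__":
    print(parse_logging_hosts(SAMPLE))
    print(audit(SAMPLE, "100.64.0.10") or "logging configuration matches the steps")
```

An empty findings list means the device output matches the steps above; compare the decoded protocol and port with what your Log Relay listens on.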

Troubleshooting

Verify that logs are formatted correctly, similar to the following example:


