Create a Remote Log Source - Cisco ASA
- Aaron Gabriel (Deactivated)
- Former user (Deleted)
- Luke Fritz (Unlicensed)
Â
Topics Discussed
Â
You can use this document to send Cisco Adaptive Secure Appliance (ASA) logs to Armor's Security Information & Event Management (SIEM).
This document only applies to:
Cisco Adaptive Secure Appliance (ASA) 8.X
Cisco Adaptive Secure Appliance (ASA) 9.X
Pre-Deployment Considerations
To create a remote Log Relay, you must already have:
A Log Relay server on your account
To learn how to add Log Relay to your account, see Obtain Log Relay for Remote Log Collection
Configured the system clock
Update your Cisco ASA device
Log into your Cisco ASA device.
Access the privileged EXEC mode:
hostname> enableAccess the global configuration mode:
hostname# configure terminalEnable logging:
hostname(config)# logging enableConfigure the global logging settings:
Configure logs to be sent to a designated Armor Log Relay device:
To ensure that the log messages use the IP address and not the object names, disable the output object name option:
Exit the configuration:
Save the changes:
Review the logging configuration:
Troubleshooting
Verify that logs are formatted correctly, similar to the following example: