Solved

ASA5510: Send logs via email

Posted on 2006-11-28
12
422 Views
Last Modified: 2010-04-09
Hi,

I need to send the firewall log to an e-mail account, our MX server is located on our LAN

I have configured the following:

enable logging
logging mail 3
logging from-address asa@mydomain.com
logging recipient-address admin@mydomain.com
smtp-server 10.143.3.4

---------------------------------------

sh logging - shows that there are messages in the "mail" - but the recipient is not getting any emails, what else do I need to configure?

What else do I need to configure?

I pretty much followed this:
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_book09186a00806a61b0.html


0
Comment
Question by:titanax
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
12 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 18030823
Does your mailserver have an account "asa" ? Does it require authentication for email from internal hosts?
your mailserver may not be set up to accept email from internal hosts..

0
 

Author Comment

by:titanax
ID: 18033948
thats what i suspected, but this asa is to replace the sonicwall 100 pro & the SW does not have any accounts on the MX; or thats whats the MX administrator claims.

as far as configs are concerned - have i got it nailed ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18035188
>have i got it nailed
100% according to all Cisco published documentation
Can you ping the server IP from the ASA? It could be a simple routing issue if this is in a 'test' mode and the Sonicwall is still the primary firewall.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:titanax
ID: 18035823
haven't thought of trying to ping! LOL! will be going to site tomorrow to test it out.

Routing issue - what do you mean?
0
 

Author Comment

by:titanax
ID: 18050485
ping works, so i don't think its a routing issue. i've change the "logging from-address {from unauthenicated to authenicated user}"

but the mails are not recieved by the recipient.

qn:
at what intervals are logged sent out? are they defined by the buffer log size? how do i force the logging to send out an e-mail?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18053527
Whenever any level 3 message gets genereated. This would be a critical event like interface down or something. Since it is not in production yet, unplug the outside interface and see if that generates a trap and an email.
0
 

Author Comment

by:titanax
ID: 18058454
> Whenever any level 3 message gets genereated - the reason for this is prob coz I set "logging mail 3" right?

So I can either change the logging level to 1 or like u suggest unplug the outside intf - great, I will try it!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18059414
Change the logging level to 5 not 1
Level 3 will generate traps for all lower levels

Sets the maximum level for system log messages. For example, if you set the level to 3, then the security appliance generates system log messages for level 3, 2, 1, and 0. You can specify either the number or the name, as follows:

•0 or emergencies—System unusable.

•1 or alerts—Take immediate action.

•2 or critical—Critical condition.

•3 or errors—Error.

•4 or warnings—Warning.

•5 or notifications—Normal but significant condition.

•6 or informational—Information.

•7 or debugging—Debug messages, log FTP commands, and WWW URLs.
0
 

Author Comment

by:titanax
ID: 18081995
hi lrmoore, if I want any informtion to be sent regardless of importance (except debugging) I set it to:

mail loggin 6

Am I correct?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 18082032
yes, but you might not like the flood of emails
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question