[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ASA5510: Send logs via email

Posted on 2006-11-28
12
Medium Priority
?
425 Views
Last Modified: 2010-04-09
Hi,

I need to send the firewall log to an e-mail account, our MX server is located on our LAN

I have configured the following:

enable logging
logging mail 3
logging from-address asa@mydomain.com
logging recipient-address admin@mydomain.com
smtp-server 10.143.3.4

---------------------------------------

sh logging - shows that there are messages in the "mail" - but the recipient is not getting any emails, what else do I need to configure?

What else do I need to configure?

I pretty much followed this:
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_book09186a00806a61b0.html


0
Comment
Question by:titanax
  • 5
  • 5
10 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 18030823
Does your mailserver have an account "asa" ? Does it require authentication for email from internal hosts?
your mailserver may not be set up to accept email from internal hosts..

0
 

Author Comment

by:titanax
ID: 18033948
thats what i suspected, but this asa is to replace the sonicwall 100 pro & the SW does not have any accounts on the MX; or thats whats the MX administrator claims.

as far as configs are concerned - have i got it nailed ?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18035188
>have i got it nailed
100% according to all Cisco published documentation
Can you ping the server IP from the ASA? It could be a simple routing issue if this is in a 'test' mode and the Sonicwall is still the primary firewall.
0
When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

 

Author Comment

by:titanax
ID: 18035823
haven't thought of trying to ping! LOL! will be going to site tomorrow to test it out.

Routing issue - what do you mean?
0
 

Author Comment

by:titanax
ID: 18050485
ping works, so i don't think its a routing issue. i've change the "logging from-address {from unauthenicated to authenicated user}"

but the mails are not recieved by the recipient.

qn:
at what intervals are logged sent out? are they defined by the buffer log size? how do i force the logging to send out an e-mail?
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18053527
Whenever any level 3 message gets genereated. This would be a critical event like interface down or something. Since it is not in production yet, unplug the outside interface and see if that generates a trap and an email.
0
 

Author Comment

by:titanax
ID: 18058454
> Whenever any level 3 message gets genereated - the reason for this is prob coz I set "logging mail 3" right?

So I can either change the logging level to 1 or like u suggest unplug the outside intf - great, I will try it!
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 18059414
Change the logging level to 5 not 1
Level 3 will generate traps for all lower levels

Sets the maximum level for system log messages. For example, if you set the level to 3, then the security appliance generates system log messages for level 3, 2, 1, and 0. You can specify either the number or the name, as follows:

•0 or emergencies—System unusable.

•1 or alerts—Take immediate action.

•2 or critical—Critical condition.

•3 or errors—Error.

•4 or warnings—Warning.

•5 or notifications—Normal but significant condition.

•6 or informational—Information.

•7 or debugging—Debug messages, log FTP commands, and WWW URLs.
0
 

Author Comment

by:titanax
ID: 18081995
hi lrmoore, if I want any informtion to be sent regardless of importance (except debugging) I set it to:

mail loggin 6

Am I correct?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 18082032
yes, but you might not like the flood of emails
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question