liyy
 asked on

Enable Cisco ASA 5505 log to Mac OSX Server

Hi,

I want to enable ASA 5505 logging in order to monitor the network. I know that on the server side it involves enabling syslog or something like that, but can someone provide more specific steps on how to save the ASA 5505 log on Mac OS X 10.6.x Server?
Mac OS X, Cisco

Last Comment
Ernie Beek

8/22/2022 - Mon
Ernie Beek

Basically you just need:
logging enable
logging timestamp
logging trap warnings
logging device-id hostname
logging host inside x.x.x.x

To send the syslog messages to host x.x.x.x (IP of the Mac server).
Of course you'll need some software on the server to capture the syslogs.
liyy

ASKER
erniebeek,

The ASA 5505 log setting is not hard to do; I cannot solve the server-side configuration!
Ernie Beek

Ah, already found it an easy question ;)

On the other side you should have a look at: /System/Library/LaunchDaemons/com.apple.syslogd.plist. Uncomment the lines after the text "Un-comment the following lines to enable the network syslog protocol listener". Then use launchctl to reload that file.

That should do the trick (though I'm not a Mac OS guru).
liyy

ASKER
erniebeek,

I checked the server settings, but I have no idea how to set the log filename and which log file location I should put it in.
Ernie Beek

Well, by default it should log to: /var/log/system.log
Or do you want it in another location?
liyy

ASKER
What if I want to put it in /var/log/ASA/5505.log? How can I change the settings?
Ernie Beek

Try adding the following at the start of /etc/syslog.conf

# Log remote ASA 5505
#ASA IP address
+1.2.3.4
*.*<tab><tab>/var/log/ASA/5505.log
!* #end block


Where 1.2.3.4 is the IP of your ASA.
liyy

ASKER
Thanks, let me try it when I come back to the office.
Ernie Beek

I'll be waiting :)
liyy

ASKER
I have configured the following, but it does not seem to be working:

ASA 5505
=======
logging enable
logging host inside 192.168.1.6
logging trap 3
exit

Server
=====
edit syslog.conf
add following:
192.168.1.1 <tab> <tab><tab> /var/log/ASA/5505.log
save

Goto /var/log
mkdir ASA
cd ASA
touch 5505.log


Uncomment the lines after the text "Un-comment the following lines to enable the network syslog protocol listener" in the following file:
/System/Library/LaunchDaemons/com.apple.syslogd.plist

Reload the above file.

After one hour, the file size is still zero.
liyy

ASKER
Below is the ASA show logging message for your reference:

ASA3# sh logging
Syslog logging: enabled
    Facility: 20
    Timestamp logging: disabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level errors, facility 20, 0 messages logged
        Logging to inside 192.168.1.6
    History logging: disabled
    Device ID: hostname "ASA3"
    Mail logging: disabled
    ASDM logging: level informational, 62558895 messages logged
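
Added example, not part of the thread or any poster's code: a Python script that reads the Trap logging lines of the `sh logging` output above and builds a UDP test datagram with the same facility and severity, so the server-side listener and syslog.conf rule can be checked independently of the ASA. The function names and the probe text are constructed for illustration, and the standard syslog UDP port 514 is assumed.

```python
import re
import socket

# Severity keywords as printed by the ASA, index = syslog severity 0..7.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Trap section copied from the "sh logging" output posted above.
SAMPLE = """\
    Trap logging: level errors, facility 20, 0 messages logged
        Logging to inside 192.168.1.6
"""

def parse_trap(show_logging):
    """Return trap severity, facility, counter and syslog host."""
    m = re.search(r"Trap logging: level (\w+), facility (\d+), "
                  r"(\d+) messages logged", show_logging)
    h = re.search(r"Logging to (\S+) (\d+(?:\.\d+){3})", show_logging)
    if not m or not h or m.group(1) not in LEVELS:
        raise ValueError("no enabled trap destination found")
    return {"severity": LEVELS.index(m.group(1)),
            "facility": int(m.group(2)), "logged": int(m.group(3)),
            "interface": h.group(1), "host": h.group(2)}

def facility_name(code):
    """Syslog facility codes 16..23 are local0..local7."""
    return f"local{code - 16}" if 16 <= code <= 23 else str(code)

def probe_packet(trap, text="asa-probe: constructed test message"):
    """BSD syslog datagram with PRI = facility * 8 + severity."""
    pri = trap["facility"] * 8 + trap["severity"]
    return f"<{pri}>{text}".encode("ascii")

def send_probe(trap, host=None, port=514):
    """Send one probe over UDP to the host the ASA logs to."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(probe_packet(trap), (host or trap["host"], port))

if __name__ == "__main__":
    trap = parse_trap(SAMPLE)
    print("facility:", facility_name(trap["facility"]),
          "severity:", trap["severity"])
    if trap["logged"] == 0:
        print("ASA trap counter is 0; the ASA reports nothing logged")
    print("probe datagram:", probe_packet(trap))
    # send_probe(trap)  # run from a host that can reach the server
```

If the probe appears in the log file but ASA messages do not, the receiver is working and the ASA side (trap level, counter, interface) is the place to look.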
ASKER CERTIFIED SOLUTION
Ernie Beek

liyy

ASKER
It works, thanks erniebeek,

Last two questions:

1/  How can I disable logging from the ASA 5505 if I don't want to log messages?
2/  Is it the same configuration on a Linux server? Linux doesn't use a plist file, so what file should I use?
Ernie Beek

1) Just issue: no logging enable
2) Linux is slightly different, but it's fairly the same for most distros. Have a look at: http://news.softpedia.com/news/Setting-Up-a-Central-Syslog-Server-44063.shtml
liyy

ASKER
Thanks.
Ernie Beek

You're welcome :)
Thx for the points.