ASA logging & email


I would like to setup multiple logging lists on my ASA5520s and have mail sent out to their respective groups.


logging list abc
logging list abc message 123456
logging list abc message 123457
logging list abc message 123458
logging mail abc
logging from-address
logging recipient-address

logging list def
logging list def message 113456
logging list def message 113457
logging list def message 113458
logging mail def
logging from-address
logging recipient-address

logging list ghi
logging list ghi message 133456
logging list ghi message 133457
logging list ghi message 133458
logging mail ghi
logging from-address
logging recipient-address

I know the above won't work as is. Is there a way to accomplish this, besides setting up alerts on the syslog machine?

LVL 21
Who is Participating?
btanConnect With a Mentor Exec ConsultantCommented:
though logging list and logging mail seems possible from the first shared link from surbabu140977

logging enable
logging timestamp

logging list e-mail-notification level critical
logging list e-mail-notification message 713050

logging list e-mail-notification level errors
logging list e-mail-notification message 611101-611102

smtp-server 192.168.1.XXX
logging mail e-mail-notification
logging from-address
logging recipient-address level errors
logging recipient-address level critical
ASA do send logs directly over email without syslog servers. You need to do some 30 mins reading. That's all.

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

btanExec ConsultantCommented:
netcmhAuthor Commented:
I'm sorry, but I couldn't find what I am looking for.

I've seen those pages before and I've tried reading into them again based on your suggestions.

My requirement is to send 3 different people alert emails when 3 different events happen on the ASA. Do-able? Any example might really help drive the point home to me.

netcmhAuthor Commented:
So, with the above you're configuring critical to include, not replace existing with, 713050; and the same with the errors.

then, as the events occur and are triggered, only the intended recepients for errors and criticals recieve the respective emails.

Help me get this straight. Thanks
btanExec ConsultantCommented:
that is my interpretation and not tested though. thanks
netcmhAuthor Commented:
Seeing that I would be implementing this on a live edge firewall, I would need more assurance. I hope you understand.

btanExec ConsultantCommented:
noted that is why staging environment is always best. But then again, i will suggest that your org contracted support can help you verified as they would know your environment better. nothing beats the principle to confirm this which I see they will help if they valued as customer in long term basis.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.