Solved

ASA logging & email

Posted on 2013-05-23
9
585 Views
Last Modified: 2013-06-12
Hello,

I would like to setup multiple logging lists on my ASA5520s and have mail sent out to their respective groups.

eg.

logging list abc
logging list abc message 123456
logging list abc message 123457
logging list abc message 123458
logging mail abc
logging from-address CiscoASA@mycompany.com
logging recipient-address admin1@mycompany.com

logging list def
logging list def message 113456
logging list def message 113457
logging list def message 113458
logging mail def
logging from-address CiscoASA@mycompany.com
logging recipient-address admin2@mycompany.com

logging list ghi
logging list ghi message 133456
logging list ghi message 133457
logging list ghi message 133458
logging mail ghi
logging from-address CiscoASA@mycompany.com
logging recipient-address admin3@mycompany.com

I know the above won't work as is. Is there a way to accomplish this, besides setting up alerts on the syslog machine?

Thanks
0
Comment
Question by:netcmh
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
9 Comments
 
LVL 17

Expert Comment

by:surbabu140977
ID: 39193332
ASA do send logs directly over email without syslog servers. You need to do some 30 mins reading. That's all.

http://community.spiceworks.com/how_to/show/388-cisco-asa-sending-email-alerts

Best,
0
 
LVL 63

Expert Comment

by:btan
ID: 39193358
0
 
LVL 63

Expert Comment

by:btan
ID: 39193361
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 20

Author Comment

by:netcmh
ID: 39194094
I'm sorry, but I couldn't find what I am looking for.

I've seen those pages before and I've tried reading into them again based on your suggestions.

My requirement is to send 3 different people alert emails when 3 different events happen on the ASA. Do-able? Any example might really help drive the point home to me.

Thanks
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39194159
though logging list and logging mail seems possible from the first shared link from surbabu140977

logging enable
logging timestamp

logging list e-mail-notification level critical
logging list e-mail-notification message 713050

logging list e-mail-notification level errors
logging list e-mail-notification message 611101-611102

smtp-server 192.168.1.XXX
logging mail e-mail-notification
logging from-address ASA@yourplace.com
logging recipient-address email1@yourplace.com level errors
logging recipient-address email2@yourplace.com level critical

http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/l2.html#wp1772936
0
 
LVL 20

Author Comment

by:netcmh
ID: 39202165
So, with the above you're configuring critical to include, not replace existing with, 713050; and the same with the errors.

then, as the events occur and are triggered, only the intended recepients for errors and criticals recieve the respective emails.

Help me get this straight. Thanks
0
 
LVL 63

Expert Comment

by:btan
ID: 39203255
that is my interpretation and not tested though. thanks
0
 
LVL 20

Author Comment

by:netcmh
ID: 39204196
Seeing that I would be implementing this on a live edge firewall, I would need more assurance. I hope you understand.

Thanks.
0
 
LVL 63

Expert Comment

by:btan
ID: 39204476
noted that is why staging environment is always best. But then again, i will suggest that your org contracted support can help you verified as they would know your environment better. nothing beats the principle to confirm this which I see they will help if they valued as customer in long term basis.
0

Featured Post

Webinar May 25: Cloud Security Strategies for SMBs

Small and mid-sized businesses are a driving force behind cloud adoption, and it’s no wonder: cloud benefits are BIG.  But for all the convenience that moving to the cloud provides, where does security come into play?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is a step by step guide on how to create a basic PTP link using Ubiquiti airOS devices. This guide can be used on the following Ubiquiti AirMAX devices. Nanostation, Bullets, AirBridge, Nanobeam, NanoBridge to name a few. Please review …
Network ports are the threads that hold network communication together. They are an essential part of networking that can be easily ignore or misunderstood, my goals is to show those who don't have a strong network foundation how network ports opera…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question