Solved

cisco ASA syslog issue

Posted on 2014-01-27
5
625 Views
Last Modified: 2014-02-17
Hi,

 can we get history of users logged into cisco ASA including login period & logout time both

With out syslog server , can we see the history  in a firewall..
Is there any commands to see or any logging related configuration..?

regards
Ram
0
Comment
Question by:RAMU CH
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 39811595
Ram

This is usually a feature of AAA rather than syslog?


Pete
0
 
LVL 8

Accepted Solution

by:
amatson78 earned 500 total points
ID: 39812440
The ASA does not have a long term log, anything including AAA and others. The default buffer for logging (Configuration > Device Management > Logging > Logging Setup is 4096 bytes. You can also save the buffer to FTP or email or send it via Syslog. This is the best way.

For the login messages you will want to look for any login messages in the logs such as below which depending on your syslog can be searched:

Logging
0
 
LVL 1

Author Comment

by:RAMU CH
ID: 39814491
Is there any free syslog toools available in internet market..

How about Kiwi?


1.What should be the system details generally required to store Log data in a server?

2. What should be the configuration for only monitoring for Login and logout sessions instead every traffic to prevent  server gets  overloaded?


Regards
Ramu
0
 
LVL 8

Expert Comment

by:amatson78
ID: 39816421
I use Splunk which is a free SIEM product that accepts syslog. Easy to search through and make custom filters. As far as system specs depends on the product. Configuration is all done via the Cisco ASA, you can enable what features you want to log and what you don't.
0
 
LVL 1

Author Closing Comment

by:RAMU CH
ID: 39864510
Tks
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question