• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3257
  • Last Modified:

Configuring ASA5510 to send logs to Kiwi syslog server

I am trying to send logs to my Kiwi Syslog server, but I must be doing something wrong.  If you look a the "show logging" output,  I am getting asdm logs, but no logs sent to my Kiwi server.  

ASA5510# show logging
Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level errors, facility 20, 0 messages logged
        Logging to inside 172.31.252.63
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 36911019 messages logged

Any ideas?
0
denver218
Asked:
denver218
  • 3
  • 2
2 Solutions
 
AkinsdNetwork AdministratorCommented:
Is 172.31.252.63 your KIWI server?

Show run logging
0
 
denver218Author Commented:
Yes it is my kiwi server and i can ping it from the ASA.

ASA5510# show run logging
logging enable
logging timestamp
logging trap errors
logging asdm informational
logging host inside 172.31.252.63
logging permit-hostdown
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
0
 
ffleismaSenior Network EngineerCommented:
first check if logging server is reachable via ping 172.31.252.63

check if you are using the same UDP port 514 (although this is default) for the logging server and the ASA

another thing, which particular logs are you looking for on the syslog server? you might want to adjust the settings on the ACL you are trying to monitor and match it with the trap setting. i can see the trap logging is set to level errors. either adjust the logging level on the ACL or the trap level.

access-list inside_access_in line 1 extended permit ip any any log 3 interval 300
logging
hope this helps and let us know if you have any further questions
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
AkinsdNetwork AdministratorCommented:
packet-tracer input inside udp ip.of.asa 514 172.31.252.63 514 de

Focus more on phase 2 (ACL).
That should tell if the ASA is filtering the packet
0
 
denver218Author Commented:
Thanks guys, it works now.  I didn't change anything, but when I came back from lunch I saw logs from the ASA in the Kiwi server.  Its been sending logs since.  Thanks.
0
 
AkinsdNetwork AdministratorCommented:
Excellent!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now