Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Configuring ASA5510 to send logs to Kiwi syslog server

Posted on 2014-02-19
6
Medium Priority
?
3,132 Views
Last Modified: 2014-02-19
I am trying to send logs to my Kiwi Syslog server, but I must be doing something wrong.  If you look a the "show logging" output,  I am getting asdm logs, but no logs sent to my Kiwi server.  

ASA5510# show logging
Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level errors, facility 20, 0 messages logged
        Logging to inside 172.31.252.63
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 36911019 messages logged

Any ideas?
0
Comment
Question by:denver218
  • 3
  • 2
6 Comments
 
LVL 18

Expert Comment

by:Akinsd
ID: 39870312
Is 172.31.252.63 your KIWI server?

Show run logging
0
 
LVL 4

Author Comment

by:denver218
ID: 39870343
Yes it is my kiwi server and i can ping it from the ASA.

ASA5510# show run logging
logging enable
logging timestamp
logging trap errors
logging asdm informational
logging host inside 172.31.252.63
logging permit-hostdown
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
0
 
LVL 9

Accepted Solution

by:
ffleisma earned 1000 total points
ID: 39870345
first check if logging server is reachable via ping 172.31.252.63

check if you are using the same UDP port 514 (although this is default) for the logging server and the ASA

another thing, which particular logs are you looking for on the syslog server? you might want to adjust the settings on the ACL you are trying to monitor and match it with the trap setting. i can see the trap logging is set to level errors. either adjust the logging level on the ACL or the trap level.

access-list inside_access_in line 1 extended permit ip any any log 3 interval 300
logging
hope this helps and let us know if you have any further questions
0
Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 1000 total points
ID: 39870373
packet-tracer input inside udp ip.of.asa 514 172.31.252.63 514 de

Focus more on phase 2 (ACL).
That should tell if the ASA is filtering the packet
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 39871230
Thanks guys, it works now.  I didn't change anything, but when I came back from lunch I saw logs from the ASA in the Kiwi server.  Its been sending logs since.  Thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39872073
Excellent!
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question