How to configure syslog on cisco ASA? / How to send logs to syslog server?
Hello,
Couple of engineers have asked me what commands are really required to make sure ASA is sending logs to syslog server. So I thought this could help someone else looking for it on Internet.
So first thing you need is a syslog server's IP address. You can have a syslog server internal or external. Let's say we have a syslog server which is reachable from inside.
Syslog server IP: 192.168.1.5
==================================
If you are just looking for quick commands then here you. But if you need to understand this, then continue reading.
conf t
logging host inside 192.168.1.5
logging trap debugging
==================================
Now you need to tell this to your ASA. Let's introduce syslog server to the ASA.
conf t
logging host inside 192.168.1.5
! here inside tells the ASA that syslog server is reachable via inside interface. When ASA goes to syslog server, it uses inside interface IP. Same way if your syslog server is reachable via Internet/outside interface then you know what change you need to make.
By doing this is not enough for ASA to start sending logs to syslog server. You need to tell the ASA to start sending logs.
We can do several types of logging. There are 7 levels of logging you can do. Higher you go, more logs you send to syslog server.
Alert Messages, Severity 1
Critical Messages, Severity 2
Error Messages, Severity 3
Warning Messages, Severity 4
Notification Messages, Severity 5
Informational Messages, Severity 6
Debugging Messages, Severity 7
with "logging trap" command we tell the ASA to start sending logs to syslog, but also define what level of logging you need to send.
the exact command will be :
logging trap debugging
so the exact commands at once will be:
==================================
conf t
logging host inside 192.168.1.5
logging trap debugging
==================================
Couple of engineers have asked me what commands are really required to make sure ASA is sending logs to syslog server. So I thought this could help someone else looking for it on Internet.
So first thing you need is a syslog server's IP address. You can have a syslog server internal or external. Let's say we have a syslog server which is reachable from inside.
Syslog server IP: 192.168.1.5
==================================
If you are just looking for quick commands then here you. But if you need to understand this, then continue reading.
conf t
logging host inside 192.168.1.5
logging trap debugging
==================================
Now you need to tell this to your ASA. Let's introduce syslog server to the ASA.
conf t
logging host inside 192.168.1.5
! here inside tells the ASA that syslog server is reachable via inside interface. When ASA goes to syslog server, it uses inside interface IP. Same way if your syslog server is reachable via Internet/outside interface then you know what change you need to make.
By doing this is not enough for ASA to start sending logs to syslog server. You need to tell the ASA to start sending logs.
We can do several types of logging. There are 7 levels of logging you can do. Higher you go, more logs you send to syslog server.
Alert Messages, Severity 1
Critical Messages, Severity 2
Error Messages, Severity 3
Warning Messages, Severity 4
Notification Messages, Severity 5
Informational Messages, Severity 6
Debugging Messages, Severity 7
with "logging trap" command we tell the ASA to start sending logs to syslog, but also define what level of logging you need to send.
the exact command will be :
logging trap debugging
so the exact commands at once will be:
==================================
conf t
logging host inside 192.168.1.5
logging trap debugging
==================================
0 comments:
Post a Comment