Cisco ASA – setup logging to Syslog-ng

Assuming syslog-ng is already configured and running, the setup is quick and easy:

Cisco ASA config:

1. Enable logging:

logging enable
logging timestamp

2. Send messages to our syslog server:

logging trap notifications
logging facility 21
logging device-id hostname
logging host inside IP.ADD.RE.SS udp 514

Available trap levels:

{1 | alerts}—Immediate action needed
{2 | critical}—Critical conditions
{3 | errors}—Error conditions
{4 | warnings}—Warning conditions
{5 | notifications}—Normal but significant conditions
{6 | informational}—Informational messages
{7 | debugging}—Debugging messages

3. Optional – set up NTP:

ntp server 192.5.41.41 source outside
ntp server 192.5.41.40 source outside prefer

 

Syslog-ng config:

Open /etc/syslog-ng/syslog-ng.conf and add the following lines:

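# Network source: 192.168.1.60 is the address the syslog-ng host listens on.
source s_net {
  # UDP 514 must match "logging host ... udp 514" on the ASA
  udp(ip(192.168.1.60) port(514));
  tcp(ip(192.168.1.60) port(51400));
};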

and

# d_mysql must be a destination that is already defined in this file
log {
  source(s_net);
  destination(d_mysql);
};

Then restart the syslog-ng service:

service syslog-ng restart
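
A check you can run on the syslog-ng host after the restart, added here as an example (not part of the original post): it decodes the syslog PRI of received lines and compares it with the ASA settings above (facility 21, trap level notifications). The sample lines, the hostname asa-fw01 and the assumed line layout are constructed for illustration.

```python
import re

# Severity names as used by the ASA "logging trap" command (index = level).
SEVERITIES = ["emergencies", "alerts", "critical", "errors", "warnings",
              "notifications", "informational", "debugging"]

# Constructed sample lines (not captured from a real device). Assumed layout:
# <PRI>timestamp device-id : %ASA-level-id: text
SAMPLES = [
    "<173>Jan 05 2024 10:15:02 asa-fw01 : %ASA-5-111008: User 'admin' executed the 'logging enable' command.",
    "<174>Jan 05 2024 10:15:09 asa-fw01 : %ASA-6-302013: Built outbound TCP connection (constructed)",
    "<165>Jan 05 2024 10:15:11 asa-fw01 : %ASA-5-111008: User 'admin' executed the 'write memory' command.",
]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?%ASA-(?P<level>[0-7])-(?P<msgid>\d+): (?P<text>.*)$")


def check_asa_line(line, facility=21, trap_level=5):
    """Decode PRI and compare it with the ASA settings (facility 21, trap notifications)."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # not an ASA-formatted syslog line
    fac, sev = divmod(int(m["pri"]), 8)  # PRI = facility * 8 + severity
    return {
        "facility": fac,
        # Facility codes 16..23 are local0..local7, so 21 is local5.
        "facility_name": f"local{fac - 16}" if 16 <= fac <= 23 else str(fac),
        "severity": SEVERITIES[sev],
        "msgid": m["msgid"],
        "facility_ok": fac == facility,
        # "logging trap notifications" forwards level 5 and anything more severe (lower).
        "within_trap": sev <= trap_level,
        # The level in the %ASA tag should agree with the PRI severity.
        "level_matches_pri": int(m["level"]) == sev,
    }


if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_asa_line(sample))
```

A line with facility_ok or within_trap set to False means the sender is not using the facility or trap level configured above, which is worth investigating before the data is trusted downstream.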

 
