Assuming that syslog-ng is already configured and running, the setup is quick and easy:
Cisco ASA config:
1. Enable logging:
logging enable
logging timestamp
2. Send messages to our syslog server:
logging trap notifications
logging facility 21
logging device-id hostname
logging host inside IP.ADD.RE.SS udp/514
Available trap levels:
{1 | alerts}—Immediate action needed
{2 | critical}—Critical conditions
{3 | errors}—Error conditions
{4 | warnings}—Warning conditions
{5 | notifications}—Normal but significant conditions
{6 | informational}—Informational messages
{7 | debugging}—Debugging messages
3. Optional: set up NTP
ntp server 192.5.41.41 source outside
ntp server 192.5.41.40 source outside prefer
Syslog-ng config:
Open /etc/syslog-ng/syslog-ng.conf
and add the following lines:
source s_net {
    udp(ip(192.168.1.60) port(514));
    tcp(ip(192.168.1.60) port(51400));
};
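and a log path that sends it to the d_mysql destination (assumed to be defined already in the same configuration):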
log { source(s_net); destination(d_mysql); };
then restart the syslog-ng service:
service syslog-ng restart
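To check that what arrives matches the ASA settings above, the following added example (not part of the original post) decodes the syslog PRI value and compares it with "logging facility 21" and "logging trap notifications". The message layout, the hostname asa-fw and the sample lines are assumptions constructed for illustration.

```python
import re

EXPECTED_FACILITY = 21   # "logging facility 21" (local5)
MAX_SEVERITY = 5         # "logging trap notifications": levels 5 and lower are sent

# Assumed layout with "logging timestamp" and "logging device-id hostname":
# <PRI>Mmm dd yyyy hh:mm:ss device-id : %ASA-level-msgid: text
ASA_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<device>\S+) : "
    r"%ASA-(?P<level>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# Constructed sample input, not captured from a real device.
SAMPLES = [
    "<173>Jan 05 2024 10:15:02 asa-fw : %ASA-5-111008: User 'admin' executed the 'write memory' command.",
    '<172>Jan 05 2024 10:15:07 asa-fw : %ASA-4-106023: Deny tcp src outside:203.0.113.9/51000 dst inside:192.168.1.60/22 by access-group "outside_in"',
    "<166>Jan 05 2024 10:15:09 asa-fw : %ASA-6-302013: Built inbound TCP connection 42 for outside:203.0.113.9/51001 to inside:192.168.1.60/443",
    "<173>this line is not in the ASA format",
]

def parse_asa(line):
    """Return parsed fields plus a list of config mismatches, or None if not ASA."""
    m = ASA_RE.match(line.strip())
    if m is None:
        return None
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(m["pri"]), 8)
    problems = []
    if facility != EXPECTED_FACILITY:
        problems.append(f"facility {facility}, expected {EXPECTED_FACILITY}")
    if severity != int(m["level"]):
        problems.append("PRI severity differs from the %ASA level field")
    if severity > MAX_SEVERITY:
        problems.append(f"severity {severity} is above the configured trap level")
    return {"device": m["device"], "timestamp": m["ts"], "facility": facility,
            "severity": severity, "msgid": m["msgid"], "problems": problems}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_asa(sample))
```

A message flagged with the wrong facility or a severity above 5 usually means another device is sending to the same port, or the ASA logging settings differ from the ones shown here.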