User Guide for ASA CX and Cisco Prime Security Manager 9.1 OL-28138-02

Device Logging

The ASA logging page lets you enable system logging, configure logging options, and define the syslog servers to which messages are sent.

• Logging Configuration, page 1
• Syslog Servers, page 2

Logging Configuration

Use the Logging Configuration screen to enable and configure system logging on a security appliance.

Procedure

Step 1 Open the device configuration page by selecting Device > Devices, mousing over the device and clicking Device Configuration.

Step 2 Click Logging Configuration in the Device Logging Configuration section of the Device Configuration screen. The Logging Configuration screen is displayed.

Step 3 Define or alter the logging parameters, as necessary:

• Logging – Click this switch to turn logging on the security appliance On or Off. If you turn off logging on the ASA, the current settings are retained.

• Filter On Severity – Choose a message-filtering level from this list to filter syslog messages according to their severity. The level you choose is the least severe condition that is logged; messages at that level and at every more severe level (lower number) are logged. For example, if you set the severity filter to Error (level 3), the device logs messages for severity levels 3, 2, 1, and 0. The severity levels are:

  ◦ None – No filtering; all messages are sent.
  ◦ Emergency (level 0) – System is unusable. Using a severity level of zero is not recommended.
  ◦ Alert (level 1) – Immediate action is required.
  ◦ Critical (level 2) – Critical conditions exist.
  ◦ Error (level 3) – Error conditions exist.
  ◦ Warning (level 4) – Warning conditions exist.
  ◦ Notification (level 5) – Normal but significant conditions exist.
  ◦ Informational (level 6) – Informational messages only.
  ◦ Debugging (level 7) – Debugging messages only.

• Logging Queue – Specify the number of syslog messages that the appliance can hold in its queue before sending them to the output destination; the default value is 512.
Valid values are from 0 to 8192 messages, depending on the device. If the Logging Queue is set to zero, the queue is the maximum configurable size for the device: for the ASA 5505 the maximum is 1024; for the ASA 5510 it is 2048; for all other ASAs the maximum is 8192 messages.

• Send as EMBLEM Format – Use this switch to turn EMBLEM formatting of the logged messages On or Off. This is the format used by Cisco IOS routers and switches.

Note: If you enable EMBLEM formatting, you must use the UDP protocol to publish syslog messages; EMBLEM is not compatible with TCP. See Syslog Servers, on page 2 for more information.

• Allow user traffic when TCP server is down – Use this switch to turn connection blocking to TCP-based syslog servers On or Off. When TCP is the protocol specified for communication with a syslog server, by default the security appliance drops connections across the firewall if the syslog server is unreachable. Turn this option On to disable connection blocking.

• Send debug as syslog – Turn this option On to redirect all debug trace output to the syslog. Syslog messages do not appear in the console if this option is enabled. Therefore, to see debug messages, you must enable logging at the console and configure it as the destination for the debug syslog message number and logging level. The syslog message number used is 711011; the default logging level for this syslog is debug.

• Send to standby unit – Use this switch to turn logging on the failover unit paired with this security appliance On or Off.

Step 4 Click Save to save the updated logging-configuration information. You are returned to the device-configuration screen.

Syslog Servers

The Syslog Servers screen lets you specify one or more syslog servers to which the selected security appliance will send syslog messages. By directing the syslog records generated by a security appliance to a syslog server, you can process and study the records.
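The Filter On Severity rule in the Logging Configuration procedure above is easy to get backwards (a lower number is more severe). The following Python script is an added example, not code from the guide or from Cisco: it parses the %ASA-level-id tag that ASA syslog messages carry, applies the threshold the way the screen describes (Error keeps levels 3, 2, 1 and 0), and counts messages per level. The sample lines, their message ids other than 711011, the IP addresses and all function names are constructed for the illustration.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Severity levels exactly as listed on the Logging Configuration screen (name -> numeric level).
SEVERITY_LEVELS: Dict[str, int] = {
    "Emergency": 0,
    "Alert": 1,
    "Critical": 2,
    "Error": 3,
    "Warning": 4,
    "Notification": 5,
    "Informational": 6,
    "Debugging": 7,
}

# An ASA syslog message carries its severity in the tag: %ASA-<level>-<message id>: <text>
ASA_SYSLOG_RE = re.compile(r"%ASA-(?P<level>[0-7])-(?P<msg_id>\d{6}):\s*(?P<text>.*)$")


def parse_asa_syslog(line: str) -> Optional[Tuple[int, str, str]]:
    """Return (level, message id, text) for an ASA syslog line, or None if the tag is missing."""
    m = ASA_SYSLOG_RE.search(line)
    if m is None:
        return None
    return int(m.group("level")), m.group("msg_id"), m.group("text")


def severity_threshold(filter_name: str) -> Optional[int]:
    """Map the 'Filter On Severity' choice to the highest numeric level that still passes.

    'None' on the screen means no filtering and is returned here as Python None.
    """
    if filter_name == "None":
        return None
    if filter_name not in SEVERITY_LEVELS:
        raise ValueError(f"unknown severity filter: {filter_name!r}")
    return SEVERITY_LEVELS[filter_name]


def filter_by_severity(lines: Iterable[str], filter_name: str) -> List[str]:
    """Keep the ASA messages the appliance would log at the given filter setting.

    A message passes when its level is numerically <= the threshold, so Error (3)
    keeps levels 3, 2, 1 and 0, as the screen's own example describes. Lines
    without an ASA tag are not syslog messages and are dropped.
    """
    threshold = severity_threshold(filter_name)
    kept: List[str] = []
    for line in lines:
        parsed = parse_asa_syslog(line)
        if parsed is None:
            continue
        level, _msg_id, _text = parsed
        if threshold is None or level <= threshold:
            kept.append(line)
    return kept


def count_by_level(lines: Iterable[str]) -> Dict[int, int]:
    """Count parseable messages per severity level: useful when sizing the Logging Queue and
    for spotting a filter set so tight that nothing below Alert ever reaches the collector."""
    counts: Dict[int, int] = {}
    for line in lines:
        parsed = parse_asa_syslog(line)
        if parsed is not None:
            counts[parsed[0]] = counts.get(parsed[0], 0) + 1
    return counts


# Constructed sample lines in the %ASA-level-id format (documentation IP ranges, illustrative
# message text and ids); 711011 is the debug-redirect message id named in the guide.
SAMPLE_LINES = [
    "%ASA-1-105001: (Primary) Disabling failover.",
    "%ASA-3-106010: Deny inbound tcp src outside:203.0.113.7/4444 dst inside:192.0.2.10/22",
    "%ASA-4-106023: Deny tcp src outside:198.51.100.5/50213 dst inside:192.0.2.20/445 by access-group outside_in",
    "%ASA-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.9/51000 to inside:192.0.2.30/443",
    "%ASA-7-711011: debug trace output redirected by 'Send debug as syslog'",
    "not an ASA syslog message",
]

if __name__ == "__main__":
    for setting in ("Error", "Informational", "None"):
        kept = filter_by_severity(SAMPLE_LINES, setting)
        print(f"Filter On Severity = {setting}: {len(kept)} of {len(SAMPLE_LINES)} lines logged")
    print("messages per level:", count_by_level(SAMPLE_LINES))
```

Running the script shows that the Error setting passes only the level 1 and level 3 lines, while the level 7 debug-redirect message (711011) appears only when the filter is Debugging or None, which is why the guide tells you to enable console logging at the debug level to see it.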
Note: To make use of the syslog servers you define, you must also enable logging via the Logging Settings page.

Creating and Editing Syslog Server Definitions

You can add and edit syslog server definitions as part of a device configuration. These definitions specify the target servers to which the security appliance sends syslog messages. (See Deleting A Syslog Server Definition, on page 4 for information about removing a definition.) There is a limit of four syslog servers per context.

Note: To employ the syslog servers you define, you must enable logging via the Logging Configuration screen.

Procedure

Step 1 Open the device configuration page by selecting Device > Devices, mousing over the device and clicking Device Configuration.

Step 2 Click Syslog Servers in the Device Logging Configuration section of the Device Configuration screen. The list of currently configured syslog servers is displayed.

Step 3 Do one of the following:

• To add a new syslog target server, click the Add button to open the new syslog server-configuration screen.
• To edit an existing syslog target, click anywhere in the desired server entry to open the syslog server-configuration screen, which displays the current parameters for that server.

Step 4 Define or alter the following Syslog Server parameters, as necessary:

• Interface – Choose the interface on which the syslog server is contacted; this list displays all available interfaces.

• IP Address – Enter the IP address of the syslog server.

• Protocol – Choose a packet-transmission protocol, UDP or TCP, for communication with the syslog server; UDP is the default. TCP ports work only with a security appliance syslog server.

Note: You must choose UDP if you intend to use the EMBLEM format.

• Port – Enter the number of the port from which the security appliance sends either UDP or TCP syslog messages.
This port must be the same port on which the syslog server listens. The default UDP and TCP ports are:

  ◦ 514 (UDP)
  ◦ 1470 (TCP) – TCP ports work only with a security appliance syslog server.

• Send Syslog in EMBLEM Format – Check this box to generate syslog messages using Cisco’s EMBLEM format, which is the format used by Cisco IOS routers and switches.

Note: To use this option, you must choose UDP as the Protocol.

• Enable Secure Syslog Using SSL/TLS – Check this box to secure the connection to the syslog server using SSL/TLS over TCP, and to encrypt the syslog message content. A secure logging connection can only be established with an SSL/TLS-capable syslog server. If an SSL/TLS connection cannot be established, all new connections will be denied.

Note: To use this option, you must choose TCP as the Protocol.

Step 5 Click Save to save the new or updated syslog server definition. You are returned to the list of syslog servers.

Deleting A Syslog Server Definition

You can delete a syslog server definition from a device configuration. See Creating and Editing Syslog Server Definitions, on page 3 for information about adding and editing definitions.

Procedure

Step 1 Click Syslog Servers in the Device Logging Configuration section of the Device Configuration screen. (See Working with the Device Configuration for information about accessing the Device Configuration screen.) The list of currently configured syslog servers is displayed.

Step 2 Click anywhere in the desired server entry to open that syslog server-configuration screen.

Step 3 Click the Delete button to discard this syslog server definition. After you confirm the deletion, you are returned to the list of syslog servers.
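The syslog server definition rules spread across the Creating and Editing Syslog Server Definitions section (UDP/TCP defaults of 514 and 1470, EMBLEM only over UDP, SSL/TLS only over TCP, four servers per context) and the Logging Queue limits from the Logging Configuration section are easy to check before a change window. The following Python module is an added example, not code from the guide or from Cisco: it models a definition with the screen's fields, reports which rule a weak definition breaks next to its corrected form, resolves the per-platform queue maximum, and flags the default fail-closed behaviour of a TCP target when 'Allow user traffic when TCP server is down' is left Off. The SyslogServer data model, the function names and the sample definitions are constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Values stated on the Syslog Server and Logging Configuration screens.
DEFAULT_PORT: Dict[str, int] = {"UDP": 514, "TCP": 1470}
MAX_SERVERS_PER_CONTEXT = 4
QUEUE_MAX_BY_MODEL: Dict[str, int] = {"ASA 5505": 1024, "ASA 5510": 2048}
QUEUE_MAX_OTHER = 8192  # all other ASA models


@dataclass
class SyslogServer:
    """One syslog server definition (hypothetical data model mirroring the screen's fields)."""
    interface: str
    ip_address: str
    protocol: str = "UDP"           # UDP is the default on the screen
    port: Optional[int] = None      # None -> the protocol's default port
    emblem: bool = False            # Send Syslog in EMBLEM Format
    secure: bool = False            # Enable Secure Syslog Using SSL/TLS

    def effective_port(self) -> int:
        return self.port if self.port is not None else DEFAULT_PORT[self.protocol]


def check_server(s: SyslogServer) -> List[str]:
    """Return the rule violations for one definition (an empty list means it would save cleanly)."""
    if s.protocol not in DEFAULT_PORT:
        return [f"protocol must be UDP or TCP, not {s.protocol!r}"]
    problems: List[str] = []
    if s.emblem and s.protocol != "UDP":
        problems.append("EMBLEM format requires UDP; it is not compatible with TCP")
    if s.secure and s.protocol != "TCP":
        problems.append("Secure Syslog (SSL/TLS) runs over TCP; choose TCP as the Protocol")
    if not 1 <= s.effective_port() <= 65535:
        problems.append(f"port {s.effective_port()} is outside 1-65535")
    return problems


def resolve_queue_size(model: str, configured: int) -> int:
    """Apply the Logging Queue rule: 0 means the platform maximum; larger values are rejected."""
    maximum = QUEUE_MAX_BY_MODEL.get(model, QUEUE_MAX_OTHER)
    if configured < 0 or configured > maximum:
        raise ValueError(f"Logging Queue must be 0-{maximum} on {model}, got {configured}")
    return maximum if configured == 0 else configured


def check_context(servers: List[SyslogServer], allow_traffic_when_tcp_down: bool = False) -> List[str]:
    """Context-wide findings: the four-server limit, per-server rules, and the TCP fail-closed caveat."""
    findings: List[str] = []
    if len(servers) > MAX_SERVERS_PER_CONTEXT:
        findings.append(f"{len(servers)} servers defined; the limit is {MAX_SERVERS_PER_CONTEXT} per context")
    for i, s in enumerate(servers):
        for p in check_server(s):
            findings.append(f"server {i} ({s.ip_address}): {p}")
    if any(s.protocol == "TCP" for s in servers) and not allow_traffic_when_tcp_down:
        findings.append(
            "TCP syslog target with connection blocking at its default: the appliance drops "
            "connections across the firewall while the server is unreachable; turn On "
            "'Allow user traffic when TCP server is down' if that outage behaviour is not intended"
        )
    return findings


# Constructed definitions: a weak one the screen would reject, its corrected form, and a TLS target.
WEAK_SERVER = SyslogServer("inside", "192.0.2.50", protocol="TCP", emblem=True)
FIXED_SERVER = SyslogServer("inside", "192.0.2.50", protocol="UDP", emblem=True)
SECURE_SERVER = SyslogServer("inside", "192.0.2.51", protocol="TCP", secure=True)

if __name__ == "__main__":
    for name, s in (("weak", WEAK_SERVER), ("fixed", FIXED_SERVER), ("secure", SECURE_SERVER)):
        print(name, s.effective_port(), check_server(s) or "ok")
    for finding in check_context([FIXED_SERVER, SECURE_SERVER]):
        print("context:", finding)
    print("ASA 5505 queue with 0 configured:", resolve_queue_size("ASA 5505", 0))
```

The context check deliberately reports the TCP fail-closed case as a finding rather than an error: blocking traffic when the collector is down is the documented default and may be exactly what a policy requires, but it is the setting most often discovered only during an outage.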