ASA5505:Syslogging messages

by Cyrus Lok on Saturday, April 10, 2010 at 2:09pm

ciscoasa(config)# sh logging
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level warnings, 55 messages logged
Trap logging: level notifications, facility 20, 31 messages logged
Logging to inside 192.168.1.2
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 1071 messages logged

As you can see, ASDM logging at the informational level (level 6) has already recorded 1071 messages, and logging has only been running for 1 hour!

I can send log messages to the following destinations:
1. The ASA5505 itself, which is referred to as the buffer:
ciscoasa(config)# logging buffered ?

configure mode commands/options:
<0-7> Enter syslog level (0 – 7)
WORD Specify the name of logging list
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)

The buffer size can be customized:
ciscoasa(config)# logging buffer-size ?

configure mode commands/options:
<4096-1048576> Specify logging buffer size in bytes

2. I can set logging to ASDM:

ciscoasa(config)# logging asdm ?

configure mode commands/options:
<0-7> Enter syslog level (0 – 7)
WORD Specify the name of logging list
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)

The logging can be enabled in the ASDM itself.

3. I can log to a syslog server:

ciscoasa(config)# logging host inside ?

configure mode commands/options:
Hostname or A.B.C.D Specify the IP address or name of the syslog server.

ciscoasa(config)# logging trap ?

configure mode commands/options:
<0-7> Enter syslog level (0 – 7)
WORD Specify the name of logging list
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)

4. Send syslog through email:

ciscoasa(config)# logging recipient-address cyruslok@hotmail.com level ?

configure mode commands/options:
<0-7> Enter syslog level (0 – 7)
alerts Immediate action needed (severity=1)
critical Critical conditions (severity=2)
debugging Debugging messages (severity=7)
emergencies System is unusable (severity=0)
errors Error conditions (severity=3)
informational Informational messages (severity=6)
notifications Normal but significant conditions (severity=5)
warnings Warning conditions (severity=4)
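
An added example (not part of the original post): the Python sketch below decodes syslog lines as a server such as 192.168.1.2 might store them, and shows which of the destinations from the sh logging output above would accept each severity. The wire format, the sample lines and every function name are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Level keywords in numeric order 0..7, as listed in the CLI help above.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Thresholds read from the "sh logging" output above.
THRESHOLDS = {"buffer": "warnings", "trap": "notifications", "asdm": "informational"}

# Assumed wire format: <PRI>timestamp: %ASA-<severity>-<message id>: text
LINE_RE = re.compile(r"^<(\d{1,3})>.*?%ASA-([0-7])-(\d{6}): (.*)$")

def parse(line):
    """Return facility, severity and message id, or None if the line is malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    if severity != int(m.group(2)):  # PRI header and %ASA tag must agree
        return None
    return {"facility": facility, "severity": severity,
            "level": LEVELS[severity], "msg_id": m.group(3)}

def destinations_for(severity):
    """A destination set to level N receives severities 0..N."""
    return sorted(d for d, name in THRESHOLDS.items() if severity <= LEVELS.index(name))

def summarize(lines):
    """Count parsed messages per destination; count rejected lines separately."""
    counts, rejected = Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            rejected += 1
            continue
        counts.update(destinations_for(rec["severity"]))
    return dict(counts), rejected

# Constructed sample lines (facility 20, so PRI = 160 + severity).
SAMPLE = [
    "<164>Apr 10 2010 14:09:01: %ASA-4-106023: constructed deny message",
    "<165>Apr 10 2010 14:09:02: %ASA-5-111008: constructed config-change message",
    "<166>Apr 10 2010 14:09:03: %ASA-6-302013: constructed connection message",
    "<166>Apr 10 2010 14:09:04: %ASA-4-106023: PRI and tag disagree",
    "not a syslog line",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Lines whose PRI header and %ASA severity tag disagree are counted as rejected rather than trusted, since a collector should not accept either value when the two conflict.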
