CSM (disable ticket): Configuring logging to new device

Ticket management
By default Cisco Security Manager enables ticketing; however, I have disabled ticket management.

The purpose of a ticket is to track changes: before any change is made with CSM you need to create a ticket, then make the changes, and after the changes are made and saved you need to submit the ticket. If workflow is disabled, a submitted ticket will be approved automatically. Only when the ticket is approved can the user deploy the changes.

To disable or enable ticket management, click on Tools > Security Manager Administration.

To disable it, uncheck Enable Ticketing.

Configuring logging
Under the Policies box, follow the path Logging > Syslog > Logging Filters.

Step 1: Add a row by clicking on the “+” button at the bottom right.

Step 2: From the Logging Destination drop-down box, select Syslog Servers.

Step 3: Select informational from the drop-down box (you can choose whichever severity level you like), then click the OK button. This is equivalent to the command logging trap informational.

Step 4: Click save.

Step 5: Adding the syslog server.

Add the row and configure the syslog source interface and syslog server address.

CSM is the object I have created with Cisco Security Manager.


Save this configuration.
This configuration is equivalent to the command logging host management 172.16.0.30

Note that the policy object created in CSM is not the same as the object command in Cisco ASA.

Deployment
Saving the configuration will not change the Cisco ASA configuration. If you regret the changes, you can choose to discard them.

Click yes to discard.


Before you submit and deploy the new configuration to the Cisco ASA, you can check what commands will be deployed to the Cisco ASA.

To see the command changes, click on Tools > Preview Configuration from the menu.

ASA (Delta) presents the commands that will be inserted or removed. Because the commands are shown in green, these two lines of commands will be pushed to the ASA once deployed.

You can also compare the new proposed configuration with the previous configuration. In this example I want to compare the proposed configuration with the existing running-config.

Lines 57 and 59 are commands that will be inserted if this proposed configuration is deployed.


From the menu, click on File > Deploy to deploy the configuration to the Cisco ASA.

Changes have to be submitted before deployment.


Alternatively, you can choose File > Submit and Deploy to submit and deploy the changes at the same time.

Do not blindly click on the Deploy button; always make a habit of checking which device will be deployed to first. Previously I had made some changes to another device but had not deployed them yet. I chose ASALAB because I want ASALAB to have the logging configuration now.

Changes deployed to the Cisco ASA successfully.


Check and verify
I ssh into the Cisco ASA to check the command changes to make sure…

asalab# sh run logging
logging enable
logging timestamp
logging buffer-size 8092
logging buffered informational
logging trap informational
logging asdm informational
logging host management 172.16.0.30
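
The same check can be scripted and rerun after a rollback. This is an added example, not part of the original post or of CSM: the function names are hypothetical, the rolled-back config is constructed from the output above, and the two delta commands are assumed to be the ones the post equates with the GUI steps.

```python
import re

# Constructed sample: an SSH session paste like the one above, prompt included.
AFTER_DEPLOY = """\
asalab# sh run logging
logging enable
logging timestamp
logging buffer-size 8092
logging buffered informational
logging trap informational
logging asdm informational
logging host management 172.16.0.30
"""

# Assumption: the delta is the two commands the post equates with the GUI steps.
EXPECTED_DELTA = ["logging trap informational",
                  "logging host management 172.16.0.30"]

def config_lines(text):
    """Normalized config lines; blank lines and CLI prompt lines are dropped."""
    lines = set()
    for raw in text.splitlines():
        line = " ".join(raw.split())
        if line and not re.match(r"\S+[#>]( |$)", line):
            lines.add(line)
    return lines

def missing_commands(running, expected):
    """Expected commands absent from the running-config, in the order given."""
    present = config_lines(running)
    return [c for c in expected if " ".join(c.split()) not in present]

def syslog_export_problems(running):
    """Reasons the ASA would not send syslog to a server (empty list = OK)."""
    lines = config_lines(running)
    problems = []
    if "logging enable" not in lines:
        problems.append("logging is not enabled")
    if not any(re.fullmatch(r"logging trap \S+", l) for l in lines):
        problems.append("no 'logging trap' severity set")
    if not any(re.fullmatch(r"logging host \S+ \S+( .*)?", l) for l in lines):
        problems.append("no 'logging host' configured")
    return problems

def after_rollback(running, delta):
    """Constructed 'rolled back' config: the same paste minus the delta lines."""
    drop = {" ".join(c.split()) for c in delta}
    return "\n".join(l for l in running.splitlines()
                     if " ".join(l.split()) not in drop)
```

An empty list from both functions after deployment means the previewed delta really landed on the device; after a rollback, `missing_commands` should return both delta commands.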

Revert changes/Rollback
I can revert the changes back to the previous configuration. Click on Manage > Configuration Archive…

So far this is the second configuration in the archive since the device's first discovery. I can choose the first configuration, discovered during the device discovery process, and roll back to it. Click on the Rollback button to revert the changes on the Cisco ASA.


Click OK on the warning if you have thought it through carefully.


I lost my SSH connection while it was reverting.


The two inserted commands have been removed.

Discover the policies of the ASALAB device again to make sure the CSM and Cisco ASA configurations are consistent.


An entry is added after you have successfully rolled back the configuration.


To make sure the configuration is consistent between CSM and the Cisco ASA, you can rediscover the policies: right-click on the device and select the menu as shown.


Another entry is added after the rediscovery is completed.


If you decide to go ahead with the configuration you made just now, you can roll back to that configuration again.

Choose the configuration and click Rollback. I have only one provisioned configuration.


Keeping track of the changes, rollbacks and provisioned configurations in the configuration archive becomes more tedious as the number of entries increases. Note that if you decide to roll back again, another rollback entry will be added. Always make it a practice to preview the commands before deployment.
