Configure Cisco ASA to send logs to Arctic Wolf using CLI

You can configure your Cisco Adaptive Security Appliance (ASA)® to send the necessary logs to Arctic Wolf® for security monitoring using the command line interface (CLI).

Note: Changing the severity level of a log message after initial setup causes unexpected alerts. Contact your Concierge Security® Team (CST) before changing a severity level.

These resources are required:

  • An activated Arctic Wolf Sensor or Virtual Log Collector (vLC)
  • An SSH client (for example, PuTTY)
  • A console cable

Configure log forwarding

  1. Connect one end of your console cable to the console port on the Cisco ASA appliance.
  2. Connect the other end of your console cable to a serial communications (COM) port on your computer.
  3. In your SSH client, configure these settings:
    • Serial line — Enter COM1.
    • Speed (baud) — Enter 9600.
    • Data bits — Enter 8.
    • Stop bits — Enter 1.
    • Parity — Select None.
    • Flow control — Select None.
  4. Sign in to the CLI with administrator permissions, using your SSH client.
  5. Run this command to configure the syslog settings:
    BASH 
    logging enable
logging timestamp
logging trap informational
logging host <interface_name> <ip_address> 17/514 timestamp legacy

    Where:

    • interface_name is the interface name.
      Tip:

      If you do not know your interface name, the show route ip_address command can display the name in some instances.

    • ip_address is the Arctic Wolf Sensor IP address.

Provide configuration information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Tickets & Alerts > All Tickets.
  3. Perform the appropriate action, depending on if you are:
    • A new customer — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
    • An existing customer — Click Open a New Ticket.
  4. On the Open a New Ticket page, configure these settings:
    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname of the Arctic Wolf Sensor that you used during the configuration.
      • The IP address, timezone, and device type for all sources that you are forwarding.
      • Questions or comments that you have.
  5. Click Send Message.

    Your CST reviews the details to make sure that Arctic Wolf is successfully processing the logs.