Syslog Configuration for Cisco ASA

Configuration Guide

Updated Nov 28, 2022

Syslog Configuration for Cisco ASA

Overview Direct link to this section

This document describes how to configure syslog forwarding for Cisco Adaptive Security Appliance (ASA) software. You can configure syslog forwarding using:

Configure Cisco ASA firewall syslog forwarding using ASDM Direct link to this section

  1. In ASDM, select Configuration.
  2. In the Device Management pane, select Logging > Logging Setup to configure basic logging parameters for the Cisco ASA firewall.
  3. In the Logging Setup section, ensure that Enable logging is selected.
  4. If the firewall has a secondary failover device, select Enable logging on the failover device.
  5. In the navigation pane, under Logging, select Syslog Servers.
  6. Click Add to add the sensor as the destination for syslog.
  7. In the Add Syslog Server dialog box, enter the syslog server details:
    • Interface — Select the interface that can communicate with the Arctic Wolf Sensor.

      Tip: This interface is usually named Inside or similar.

    • IP Address — Enter the IP address of the Arctic Wolf Sensor management port.
    • Protocol — Select UDP.
    • Timestamp — Ensure that it is selected and choose either the Legacy or RFC5424 format.

      Note: Legacy matches your system time, while RFC5424 uses UTC time.

  8. Click OK to close the Add Syslog Server dialog box.
  9. In the navigation pane, under Logging, select Logging Filters, and then enter these details:

    Tip: The Logging section shows each possible logging destination and the current level of logs that are sent to those destinations.

    1. In the Logging Destinations section, click Syslog Servers.
    2. Click Edit.
    3. Select Informational from the Filter on severity list.
  10. Click OK to close the Edit Logging Filters dialog box.
  11. Select Syslog Setup.
  12. In the Syslog format section, select Enable timestamp on Syslog messages.
  13. Click the Timestamp Format menu and select your timestamp format.

    Note: Legacy matches your system time, while RFC5424 uses UTC.

  14. In the Logging Filters section, click Apply.
  15. Click Save to save the configuration. Any changes are applied on the next device reboot.
  16. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding.

Configure Cisco ASA firewall syslog forwarding using the CLI Direct link to this section

  1. Run the following command to configure the syslog parameters, where <interface_name> is the interface name and <ip_address> is the Arctic Wolf Sensor IP address:
    logging enable
    logging timestamp
    logging trap informational
    logging host <interface_name> <ip_address> 17/514 timestamp legacy

    Tip: If you do not know your interface name, the following command may display the interface name in some instances: show route <ip_address>

    Note: timestamp legacy matches your system time, while timestamp rfc5424 uses UTC.

  2. Contact your Concierge Security® Team to inform them that you have configured syslog forwarding.