Cisco ASA Logs
Updated Nov 10, 2023
Configure Cisco ASA to send logs to Arctic Wolf using ASDM
Note: After you configure these logs, changing the severity level of a log message can cause unexpected alerts. Contact your Concierge Security® Team (CST) if it is necessary to change a severity level.
You can configure Cisco ASA® to send the necessary logs to Arctic Wolf® for security monitoring.
Requirements
- An activated Arctic Wolf Sensor
- Access to Adaptive Security Device Manager (ASDM) with administrator permissions
Steps
Step 1: Configure log forwarding
- In ASDM, select Configuration.
- In the Device Management pane, click Logging > Logging Setup.
- In the Logging Setup section, select the Enable logging checkbox.
- If the firewall has a secondary failover device, select the Enable logging on the failover standby unit checkbox.
- In the navigation menu, in the Logging section, select Syslog Servers.
- Click Add.
- In the Add Syslog Server dialog, configure these settings:
  - Interface — Select the interface that can communicate with the Arctic Wolf Sensor.
    Tip: This interface is usually named Inside or similar.
  - IP Address — Enter the IP address of the Arctic Wolf Sensor management port.
  - Protocol — Select UDP.
  - Timestamp — Make sure this option is selected, and then select one of these formats:
    - Legacy — Matches your system time.
    - RFC5424 — Uses UTC time.
- Click OK.
- In the navigation menu, in the Logging section, select Logging Filters, and then complete these steps:
  Tip: The Logging section shows each possible logging destination and the current level of logs that are sent to those destinations.
  - In the Logging Destinations section, click Syslog Servers.
  - Click Edit.
  - In the Filter on severity list, select Informational.
- Click OK.
- In the Syslog format section, select Enable timestamp on Syslog messages.
- In the Timestamp Format menu, select one of these formats:
  - Legacy — Matches your system time.
  - RFC5424 — Uses UTC time.
- In the Logging Filters section, click Apply.
- Click Save.
Changes are applied after the device is restarted.
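A receiver-side check for the settings chosen in Step 1, added here as an example and not part of the original guide or any Arctic Wolf tooling: it parses received syslog datagrams and flags missing timestamps and levels outside the Informational filter. The message layout encoded in the regular expressions, the function names, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed datagram layout: <PRI>[timestamp [device-id]] [:] %ASA-<level>-<id>: text
ASA_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<head>.*?)\s*:?\s*"
                    r"%ASA-(?P<level>[0-7])-(?P<msgid>\d{6}): ")
LEGACY_TS = re.compile(r"[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}")
RFC5424_TS = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z")
INFORMATIONAL = 6  # the "Filter on severity" value the guide selects


def timestamp_format(head):
    """Classify the text between the PRI field and the %ASA tag."""
    if RFC5424_TS.match(head):
        return "rfc5424"
    if LEGACY_TS.match(head):
        return "legacy"
    return "missing" if not head else "unknown"


def audit(lines):
    """Return (findings, timestamp-format counts) for received datagrams."""
    findings, formats, levels = [], Counter(), set()
    for n, line in enumerate(lines, 1):
        m = ASA_RE.match(line)
        if not m:
            findings.append(f"line {n}: not an ASA syslog message")
            continue
        level = int(m["level"])
        levels.add(level)
        fmt = timestamp_format(m["head"])
        formats[fmt] += 1
        if fmt in ("missing", "unknown"):
            findings.append(f"line {n}: timestamp {fmt}")
        if int(m["pri"]) % 8 != level:  # syslog PRI = facility * 8 + severity
            findings.append(f"line {n}: PRI does not match level {level}")
        if level > INFORMATIONAL:
            findings.append(f"line {n}: level {level} exceeds Informational")
    if levels and max(levels) < INFORMATIONAL:
        findings.append("no level-6 messages seen: filter may be below Informational")
    return findings, dict(formats)

# Constructed sample datagrams (not captured from a real device).
SAMPLE = [
    "<166>Nov 10 2023 12:34:56: %ASA-6-302013: Built outbound TCP connection",
    "<166>2023-11-10T17:34:56Z asa : %ASA-6-302014: Teardown TCP connection",
    "<164>%ASA-4-106023: Deny tcp src outside by access-group",
    "<167>Nov 10 2023 12:34:57: %ASA-7-609001: Built local-host inside",
]
```

Calling `audit(SAMPLE)` reports the datagram without a timestamp and the level-7 message that an Informational filter should not forward.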
Step 2: Provide your Cisco ASA information to Arctic Wolf
- Sign in to the Arctic Wolf® Unified Portal.
- Click Help > Open a New Ticket.
- On the Open a New Ticket page, configure these settings:
  - What is this ticket related to? — Select General request.
  - Subject — Enter Syslog changes.
  - Related ticket (optional) — Keep blank.
  - Message — Enter this information for your Concierge Security® Team (CST):
    - Confirmation that you completed the steps in this configuration guide.
    - The IP address or hostname you used during the configuration.
    - Any questions or comments that you have.
- Click Send Message.
Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.