Cisco ASA Logs

Updated Nov 13, 2023

Configure Cisco ASA to send logs to Arctic Wolf using CLI

Note: After you configure these logs, changing the severity level of a log message can cause unexpected alerts. Contact your Concierge Security® Team (CST) if it is necessary to change a severity level.

You can configure Cisco Adaptive Security Appliance (ASA)® to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Configure log forwarding.
  2. Provide your Cisco ASA information to Arctic Wolf.

Step 1: Configure log forwarding

  1. Connect one end of your console cable to the console port on the Cisco ASA appliance.

  2. Connect the other end of your console cable to a serial communications (COM) port on your computer.

  3. In your SSH client, configure these settings:

    • Serial line — Enter COM1.
    • Speed (baud) — Enter 9600.
    • Data bits — Enter 8.
    • Stop bits — Enter 1.
    • Parity — Select None.
    • Flow control — Select None.
  4. Sign in to the CLI with administrator permissions using your SSH client.

  5. Run these commands to configure the syslog settings:

    logging enable
    logging timestamp
    logging trap informational
    logging host <interface_name> <ip_address> 17/514 timestamp legacy

    Where:

    • <interface_name> is the interface name.

      Tip: If you do not know your interface name, the show route <ip_address> command will display the name in some instances.

    • <ip_address> is the Arctic Wolf Sensor IP address.
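
A check for step 5, as an added example (not part of the Arctic Wolf or Cisco documentation): this Python script compares saved output of `show running-config logging` with the four commands above and lists any differences. The sample configuration, the interface name `inside`, the address `192.0.2.10` and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `show running-config logging` output. The interface
# name "inside" and the address 192.0.2.10 are placeholders, not real values.
SAMPLE_CONFIG = """\
logging enable
logging timestamp
logging buffered debugging
logging trap informational
logging host inside 192.0.2.10 17/514 timestamp legacy
"""

TRANSPORT_RE = re.compile(r"^(\d+|tcp|udp)/(\d+)$", re.IGNORECASE)


def _same_ip(text, want):
    try:
        return ipaddress.ip_address(text) == want
    except ValueError:
        return False


def audit_logging(config: str, sensor_ip: str) -> list[str]:
    """Compare ASA logging lines with the guide; return a list of findings."""
    lines = [" ".join(ln.split()) for ln in config.splitlines() if ln.strip()]
    findings = []
    for required in ("logging enable", "logging timestamp"):
        if required not in lines:
            findings.append(f"missing: {required}")
    # The guide sets the trap level to informational (numeric severity 6).
    traps = [ln.split()[2] for ln in lines if ln.startswith("logging trap ")]
    if not traps:
        findings.append("missing: logging trap informational")
    elif traps[-1] not in ("informational", "6"):
        findings.append(f"trap level is {traps[-1]}, guide uses informational")
    # Find the logging host entries that point at the sensor address.
    want = ipaddress.ip_address(sensor_ip)
    hosts = [ln.split()[2:] for ln in lines if ln.startswith("logging host ")]
    sensor = [h for h in hosts if len(h) >= 2 and _same_ip(h[1], want)]
    if not sensor:
        findings.append(f"no logging host entry for sensor {sensor_ip}")
    for fields in sensor:
        proto, port = "17", "514"  # no transport token: ASA default, UDP 514
        for tok in fields[2:]:
            m = TRANSPORT_RE.match(tok)
            if m:
                proto, port = m.group(1).lower(), m.group(2)
        if proto not in ("17", "udp") or port != "514":
            findings.append(f"{fields[0]}: transport {proto}/{port}, guide uses 17/514")
    return findings
```

An empty list means the saved configuration matches the guide; a trap level other than informational is reported because, as the note at the top of this page says, severity changes can cause unexpected alerts.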

Step 2: Provide your Cisco ASA information to Arctic Wolf

  1. Sign in to the Arctic Wolf® Unified Portal.

  2. Click Help > Open a New Ticket.

  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep blank.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Any questions or comments that you have.
  4. Click Send Message.

    Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.
