
Cisco ASA Logs

Updated Nov 13, 2023

Configure Cisco ASA to send logs to Arctic Wolf using CLI

Note: After you configure these logs, changing the severity level of a log message can cause unexpected alerts. Contact your Concierge Security® Team (CST) if it is necessary to change a severity level.

You can configure Cisco Adaptive Security Appliance (ASA)® to send the necessary logs to Arctic Wolf® for security monitoring.

Requirements

Steps

  1. Configure log forwarding.
  2. Provide your Cisco ASA information to Arctic Wolf.

Step 1: Configure log forwarding

  1. Connect one end of your console cable to the console port on the Cisco ASA appliance.

  2. Connect the other end of your console cable to a serial communications (COM) port on your computer.

  3. In your SSH client, configure these settings:

    • Serial line — Enter COM1.
    • Speed (baud) — Enter 9600.
    • Data bits — Enter 8.
    • Stop bits — Enter 1.
    • Parity — Select None.
    • Flow control — Select None.

  4. Sign in to the CLI with administrator permissions using your SSH client.

  5. Run these commands to configure the syslog settings:

    logging enable
    logging timestamp
    logging trap informational
    logging host <interface_name> <ip_address> 17/514 timestamp legacy

    Where:

    • <interface_name> is the interface name.

      Tip: If you do not know your interface name, the show route <ip_address> command will display the name in some instances.

    • <ip_address> is the Arctic Wolf Sensor IP address.
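
One way to confirm the result of Step 1, as an added example that is not part of the Arctic Wolf guide: a Python check run over saved `show running-config logging` output that reports missing settings and any `logging message <id> level <level>` severity overrides of the kind the Note warns about. The interface name `inside`, the address 192.0.2.10, both sample outputs, and the treatment of a host line with no transport as the default UDP/514 are assumptions.

```python
import ipaddress
import re

HOST_RE = re.compile(r"^logging host (\S+) (\S+)(?: (\w+/\d+))?")
OVERRIDE_RE = re.compile(r"^logging message (\d+) level (\S+)")

def audit_logging(config_text, sensor_ip):
    """Return findings; an empty list means the guide's settings are all present."""
    lines = [" ".join(ln.split()) for ln in config_text.splitlines() if ln.strip()]
    sensor = ipaddress.ip_address(sensor_ip)
    findings = []
    if "logging enable" not in lines:
        findings.append("missing: logging enable")
    if not any(ln.split()[:2] == ["logging", "timestamp"] for ln in lines):
        findings.append("missing: logging timestamp")
    traps = [ln.split()[2] for ln in lines if ln.startswith("logging trap ")]
    if not traps:
        findings.append("missing: logging trap informational")
    elif traps[-1] not in ("informational", "6"):  # 6 is the numeric form
        findings.append(f"trap level is {traps[-1]}, guide sets informational")
    sensor_seen = False
    for ln in lines:
        host = HOST_RE.match(ln)
        if host:
            try:
                is_sensor = ipaddress.ip_address(host.group(2)) == sensor
            except ValueError:
                is_sensor = False  # hostname or malformed address: cannot compare
            if is_sensor:
                sensor_seen = True
                # Assumption: no transport shown means the ASA default, UDP/514.
                if host.group(3) not in (None, "17/514", "udp/514"):
                    findings.append(f"sensor host uses {host.group(3)}, guide sets 17/514")
        override = OVERRIDE_RE.match(ln)
        if override:  # the guide's Note: changed severities can cause unexpected alerts
            findings.append("severity override: message %s level %s" % override.groups())
    if not sensor_seen:
        findings.append(f"missing: logging host for sensor {sensor_ip}")
    return findings

# Constructed sample outputs; "inside" and 192.0.2.10 are placeholders.
GOOD = """logging enable
logging timestamp
logging trap informational
logging host inside 192.0.2.10 17/514"""
DRIFTED = """logging enable
logging trap warnings
logging host inside 192.0.2.10 6/1470
logging message 106023 level debugging"""
```

Call `audit_logging(saved_output, sensor_ip)` with your own saved output and Sensor address; any finding it returns is worth resolving or mentioning in the Step 2 ticket.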

Step 2: Provide your Cisco ASA information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.

  2. Click the Tickets tab, and then do one of these actions:

    • New customers — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
    • Existing customers — Click Open a New Ticket.

  3. On the Open a New Ticket page, configure these settings:

    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname you used during the configuration.
      • Questions or comments that you have.

  4. Click Send Message.

    Your CST will review the details and make sure that Arctic Wolf is successfully processing the logs.
