Cisco ASA Logs
Updated Nov 13, 2023
Configure Cisco ASA to send logs to Arctic Wolf using CLI
Note: After you configure these logs, changing the severity level of a log message can cause unexpected alerts. Contact your Concierge Security® Team (CST) if it is necessary to change a severity level.
You can configure Cisco Adaptive Security Appliance (ASA)® to send the necessary logs to Arctic Wolf® for security monitoring.
Requirements
- An activated Arctic Wolf Sensor
- An SSH client (for example, PuTTY)
- A console cable
Steps
Step 1: Configure log forwarding
- Connect one end of your console cable to the console port on the Cisco ASA appliance.
- Connect the other end of your console cable to a serial communications (COM) port on your computer.
- In your SSH client, configure these settings:
  - Serial line — Enter COM1.
  - Speed (baud) — Enter 9600.
  - Data bits — Enter 8.
  - Stop bits — Enter 1.
  - Parity — Select None.
  - Flow control — Select None.
- Sign in to the CLI with administrator permissions using your SSH client.
- Run this command to configure the syslog settings:
    logging enable
    logging timestamp
    logging trap informational
    logging host <interface_name> <ip_address> 17/514 timestamp legacy
  Where:
  - <interface_name> is the interface name.
    Tip: If you do not know your interface name, the show route <ip_address> command will display the name in some instances.
  - <ip_address> is the Arctic Wolf Sensor IP address.
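An added check, not part of Arctic Wolf's guide: it compares the logging lines of a saved ASA configuration with the settings from Step 1 and reports any drift, including a changed severity level. It assumes the text was captured with `show running-config logging`; the function name, sample configs and the 192.0.2.10 sensor address are constructed for illustration.

```python
import re

# ASA syslog severity names; list index = numeric level (0-7).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]
HOST_RE = re.compile(r"logging host (\S+) (\S+)(?:\s+(\w+)/(\d+))?")

def check_asa_logging(config_text, sensor_ip):
    """Compare 'logging' config lines with the guide; return a list of findings."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    findings = []
    if "logging enable" not in lines:
        findings.append("logging is not enabled")
    if not any(ln.split()[:2] == ["logging", "timestamp"] for ln in lines):
        findings.append("logging timestamp is not set")
    traps = [ln.split()[2] for ln in lines if ln.startswith("logging trap ")]
    if not traps:
        findings.append("logging trap level is not set")
    else:
        level = traps[-1]
        # The level may be given as a number (6) or a name (informational).
        name = SEVERITIES[int(level)] if level.isdigit() and int(level) < 8 else level
        if name != "informational":
            findings.append(f"logging trap is '{name}', guide uses 'informational'")
    hosts = [m.groups() for m in map(HOST_RE.match, lines) if m]
    to_sensor = [h for h in hosts if h[1] == sensor_ip]
    if not to_sensor:
        findings.append(f"no logging host entry for sensor {sensor_ip}")
    for iface, _ip, proto, port in to_sensor:
        # Assumption: a host line without protocol/port uses the ASA default, UDP/514.
        proto, port = (proto or "17").lower(), port or "514"
        if proto not in ("17", "udp") or port != "514":
            findings.append(f"sensor host on {iface} uses {proto}/{port}, guide uses 17/514")
    return findings

# Constructed samples standing in for 'show running-config logging' output.
SAMPLE_OK = """logging enable
logging timestamp
logging trap informational
logging host inside 192.0.2.10 17/514
"""
SAMPLE_DRIFT = """logging enable
logging trap warnings
logging host inside 192.0.2.10 6/1470
"""

if __name__ == "__main__":
    for label, cfg in (("ok", SAMPLE_OK), ("drift", SAMPLE_DRIFT)):
        print(label, check_asa_logging(cfg, "192.0.2.10") or "matches the guide")
```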
Step 2: Provide your Cisco ASA information to Arctic Wolf
- Sign in to the Arctic Wolf® Unified Portal.
- Click Help > Open a New Ticket.
- On the Open a New Ticket page, configure these settings:
  - What is this ticket related to? — Select General request.
  - Subject — Enter Syslog changes.
  - Related ticket (optional) — Keep blank.
  - Message — Enter this information for your Concierge Security® Team (CST):
    - Confirmation that you completed the steps in this configuration guide.
    - The IP address or hostname you used during the configuration.
    - Any questions or comments that you have.
- Click Send Message.
Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.