Monday, December 26, 2011

How to Configure Cisco ASA 5505 to Use a Syslog Server

updated November 11, 2011

The Cisco ASA 5505 is usually deployed to stand between your private network and the Internet, so it is critically important that performance and security issues are logged and records retained as they may be needed for forensic investigation. Due to limited space on the ASA 5505, storing logs on a Syslog server is a necessity.

Difficulty: Moderate

Instructions

Things You'll Need

  • ASA 5505 firewall appliance
  • Computer (Windows, Linux or Mac)
  • Cisco serial cable
  • Syslog server configured to receive messages on default UDP port 514
1. Plug a Cisco serial cable from a computer into the ASA 5505. Open a terminal program such as HyperTerminal or PuTTY (Microsoft Windows) or Minicom (Linux) and select the COM port used by the Cisco serial cable. Press Enter to get a prompt from the ASA 5505, and type an account name and password if you are asked to log in.

2. Test connectivity from the ASA 5505 to the Syslog server by typing the following on the ASA 5505 command line interface:

   ASA5505> enable
   Password:
   ASA5505# ping 10.0.0.1

   and press Enter. (Enter the enable password for the ASA 5505 when prompted, and replace 10.0.0.1 with the IP address of your Syslog server.) If connectivity is established, the terminal displays the following:

   Type escape sequence to abort.
   Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
   !!!!!
   Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

   If the output shows that the ping was not successful, check all cables, connectors and network connectivity between the ASA 5505 and the Syslog server, and run the ping test again.

3. Type 'config t' on the ASA 5505 command line and press Enter to access configuration mode. The command prompt should now look similar to the following:

   ASA5505(config)#

   where (config) indicates that the context has changed to configuration mode.

4. Type 'logging enable' on the command line and press Enter. This activates the logging service on the ASA 5505.

5. Configure the ASA 5505 to send log messages to a specific Syslog server. While still in configuration mode, use the following syntax to specify the Syslog server where the log messages will be recorded:

   logging host interface_name ip_address [tcp/port_number | udp/port_number]

   and press Enter. The transport and port are optional; if they are omitted the ASA sends to UDP port 514, the default port the Syslog server listens on. Follow the format of this example:

   ASA5505(config)# logging host inside 10.20.20.10

   In the example above, 'inside' is the name of the interface out of which the log messages will be sent and 10.20.20.10 is the IP address of the Syslog server.

6. Configure the log message severity to specify the level of detail required for messages sent to the Syslog server. The severity parameter has eight levels numbered from 0 to 7, which can also be specified by name. The severity level names and numbers are:

   0 = emergencies
   1 = alerts
   2 = critical
   3 = error
   4 = warning
   5 = notification
   6 = informational
   7 = debugging

   The higher the severity level number, the more verbose the output: the ASA sends every message at the configured level and at all more severe (lower-numbered) levels. As a general rule, configuring severity 3, or error, is the best balance to ensure that necessary messages are received while suppressing unnecessary messages that consume storage space. The command to set the Syslog message severity level must be entered in configuration mode using the syntax below:

   logging trap severity_level

   The severity level can be specified either by name or by number. Here is an example severity level configuration:

   ASA5505(config)# logging trap 3

   The new configuration is now held in memory.

7. Save the configuration by exiting configuration mode and copying the running configuration to non-volatile memory (NVRAM). Type exit and press Enter, then type copy run start and press Enter again. Follow the example below to complete the configuration:

   ASA5505(config)# exit
   ASA5505# copy run start

8. Test the configuration by exiting the ASA 5505 command line. Log in again using SSH and check the log files on the Syslog server. The log files should show entries reporting that the ASA 5505 received a connection and a successful login.
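To show what the Syslog server side actually receives under the configuration above, here is an added example (written for this page, not code from the original article or from Cisco): it decodes the <PRI> header and %ASA tag of each message and applies the same threshold as logging trap, over constructed sample lines that assume the ASA's default facility 20 (local4).

```python
import re
from dataclasses import dataclass

# Severity names, numbered exactly as the ASA numbers them (0 = emergencies ... 7 = debugging)
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "error",
                  "warning", "notification", "informational", "debugging"]

# On the wire each ASA message arrives as  <PRI>%ASA-<severity>-<message_id>: <text>
# where PRI = facility * 8 + severity; the ASA's default facility is 20 (local4).
_ASA_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$")


@dataclass
class AsaMessage:
    facility: int
    severity: int
    message_id: str
    text: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_asa_syslog(line: str) -> AsaMessage:
    """Parse one received line; reject lines whose PRI and %ASA tag disagree on severity."""
    m = _ASA_LINE.match(line)
    if not m:
        raise ValueError(f"not an ASA syslog message: {line!r}")
    pri, sev = int(m.group("pri")), int(m.group("sev"))
    if pri % 8 != sev:  # mangled or forged line: both severity fields must agree
        raise ValueError(f"PRI severity {pri % 8} != tag severity {sev}")
    return AsaMessage(pri // 8, sev, m.group("msgid"), m.group("text"))


def passes_trap_level(msg: AsaMessage, trap_level: int) -> bool:
    """Emulate 'logging trap <level>': only messages at that level or more severe are sent."""
    return msg.severity <= trap_level


# Constructed sample lines (not captured from a real ASA); facility 20, so PRI = 160 + severity.
SAMPLE_LINES = [
    "<163>%ASA-3-710003: TCP access denied by ACL from 203.0.113.5/4432 to outside:198.51.100.2/22",
    "<166>%ASA-6-302013: Built inbound TCP connection 12 for outside:203.0.113.5/4433 (203.0.113.5/4433) to inside:10.20.20.10/22 (198.51.100.2/22)",
    '<166>%ASA-6-605005: Login permitted from 10.20.20.50/51234 to inside:10.20.20.1/ssh for user "admin"',
    "<165>%ASA-5-111008: User 'admin' executed the 'logging trap 3' command.",
]


def forwarded_message_ids(lines, trap_level):
    """Message IDs the Syslog server would actually receive under the given trap level."""
    return [m.message_id for m in map(parse_asa_syslog, lines) if passes_trap_level(m, trap_level)]
```

With logging trap 3 only the level-3 ACL denial is forwarded; the SSH login message that step 8 expects to find on the server is level 6, so that check only passes with logging trap 6 or higher.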


Source: How to Configure Cisco ASA 5505 to Use a Syslog Server | eHow.com http://www.ehow.com/how_6628293_configure-5505-use-syslog-server.html

Sunday, December 18, 2011

How to renew a Self-Signed certificate in Exchange Server 2007

When a new Exchange Server 2007 role is installed on a computer, the server automatically generates a self-signed certificate for use by services such as transport (SMTP), POP, IIS (OWA and Exchange Web Services) and IMAP. This certificate expires one year after the date the server was installed or the certificate was last manually reassigned. To check the status of the certificate, use the Exchange Management Shell: running the cmdlet Get-ExchangeCertificate | FL displays all relevant information about every certificate assigned to, enabled for, and used or not used by Exchange services.

[Screenshot: output of Get-ExchangeCertificate | FL]

You may see more than one certificate listed on your Exchange server(s), simply because you or someone else on your team has already worked with certificates on the server.

In the picture above, you will notice that the certificate I have on my server is valid until 24 March 2010. NotAfter holds the value in mm/dd/yyyy h:mm:ss format and means the certificate is not valid after the time stamp listed in this field. Correspondingly, NotBefore means the certificate is not valid before the time stamp shown.

Once the date in the NotAfter field has passed, the certificate becomes invalid and can open the door to many other troubles, such as failures in connectivity to web services, SMTP transport, POP and IMAP retrieval, and so on. To renew the certificate you can run a cmdlet and get a new self-signed certificate, but it is not quite as simple as running one cmdlet; there is a procedure to follow. Check the following steps:

1. Run Get-ExchangeCertificate | FL. This lists details of all certificates that you have assigned to Exchange services. Note that this cmdlet does not retrieve any information about other certificates in the local certificate store that are not used by Exchange. Once the output is printed on the screen, note down the Thumbprint of the certificate in Notepad.

2. Run Get-ExchangeCertificate -Thumbprint "58C846DEEA2865CA9E6DD4B42329A9AC994EBF63" | New-ExchangeCertificate. This renews the certificate. The moment you press Enter you may be prompted to confirm whether you want to use the same certificate for the SMTP service.

[Screenshot: confirmation prompt for the SMTP service]

3. Check that the certificate has been renewed. This is easily verified by looking at the change in the certificate's thumbprint after running the cmdlet in step 2. You can see the changed thumbprint in the picture below.

[Screenshot: renewed certificate with its new thumbprint]

4. Looking closely at the picture above, you will also notice that although the NotAfter and NotBefore dates have changed, the certificate is no longer being used to secure IIS-based services. To enable the renewed certificate for IIS as well, run Enable-ExchangeCertificate -Thumbprint "E0BB201793DC74D0F94F3275E6AA53BA75907565" -Services IIS

5. Verify all the services are working correctly after renewing and enabling the certificate.

6. Remove the old certificate by running Remove-ExchangeCertificate -Thumbprint "58C846DEEA2865CA9E6DD4B42329A9AC994EBF63"


Source: http://www.msexchangegeek.com/2009/04/24/how-to-renew-a-self-signed-certificate-in-exchange-server-2007/