Monday, December 26, 2011

How to Configure Cisco ASA 5505 to Use a Syslog Server

updated November 11, 2011

The Cisco ASA 5505 is usually deployed to stand between your private network and the Internet, so it is critically important that performance and security issues are logged and records retained as they may be needed for forensic investigation. Due to limited space on the ASA 5505, storing logs on a Syslog server is a necessity.

Difficulty:
Moderate

Instructions

Things You'll Need

  • ASA 5505 firewall appliance
  • Computer (Windows, Linux or Mac)
  • Cisco serial cable
  • Syslog server configured to receive messages on default UDP port 514
    • 1

      Plug a Cisco serial cable from a computer to the ASA 5505. Open a terminal console program such as HyperTerminal or PuTTY (Microsoft Windows), or Minicom (Linux), and select the COM port in use by the Cisco serial cable. Press the Enter key to receive a prompt response from the ASA 5505. Type in an account name and password if required to log in.

    • 2

      Test connectivity from the ASA 5505 to the Syslog server by typing the following on the ASA 5505 command line interface:

      ASA5505>enable
      Password:
      ASA5505#ping 10.0.0.1

      and press Enter. (Enter the specific enable password for the ASA 5505 when requested and replace the 10.0.0.1 with the IP address of your Syslog server). If connectivity is established the terminal will display the following:

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

      If the output displays that the ping is not successful, check all cables, connectors and network connectivity between the ASA 5505 and the Syslog server, and run the ping test again.

    • 3

      Type 'config t' on the ASA 5505 command line. Press Enter to access configuration mode. The command prompt should now look similar to the following:

      ASA5505(config)#

      where (config) indicates that the context has changed to configuration mode.

    • 4

      Type ‘logging enable’ on the command line, and press the Enter key. This will activate the logging service on the ASA 5505.

    • 5

      Configure the ASA 5505 to send log messages to a specific Syslog server. While you are still in configuration mode, on the command line, use the following syntax to specify the Syslog server where the log messages will be recorded:

      logging host interface_name IP_address [tcp/port_number | udp/port_number]

      and press the Enter key. Follow the format of this example:

      ASA5505(config)#logging host inside 10.20.20.10

      In the example above, ‘inside’ is the name of the interface out of which the log messages will be sent and 10.20.20.10 is the IP address of the Syslog server.

    • 6

      Configure the log message severity parameters to specify the level of detail required for messages sent to the Syslog server. The severity parameter has eight levels numbered from 0 to 7 which can also be specified by name. Severity level names and numbers are:

      0 = emergencies
      1 = alerts
      2 = critical
      3 = error
      4 = warning
      5 = notification
      6 = informational
      7 = debugging

      The higher the severity level number, the more verbose the messages. As a general rule, configuring severity to 3, or error, is the best balance to ensure that necessary messages are received while suppressing unnecessary messages that consume storage space. The command to specify the Syslog message severity level must be entered in configuration mode following the syntax below:

      logging trap severity_level

      Severity level can be specified either by name or by number. Here is an example command line severity level configuration:

      ASA5505(config)#logging trap 3

      The new configuration is now held in memory.

    • 7

      Save the configuration by exiting configuration mode and copying the running configuration to non-volatile memory (NVRAM). Type exit and press the Enter key, then type copy run start and press the Enter key again. Follow the example below to complete the configuration:

      ASA5505(config)#exit
      ASA5505#copy run start

    • 8

      Test the configuration by exiting the ASA 5505 command line. Log in again using SSH and check the log files on the Syslog server. The log files should show entries reporting that the ASA 5505 received a connection and successful login.
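
An added example, not part of the original article: a Python check to run on the Syslog server side that parses received ASA lines and reports which messages a given `logging trap` level lets through. The sample lines are constructed, and their PRI values assume the ASA's default syslog facility of 20 (local4).

```python
import re

# ASA severity keywords (full spellings); list index = level number from step 6.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Optional <PRI>, optional timestamp/hostname, then %ASA-<severity>-<message id>.
ASA_RE = re.compile(r"^(?:<(?P<pri>\d{1,3})>)?.*?%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)$")

def parse_asa(line):
    """Parse one received line; return None if it is not an ASA message."""
    m = ASA_RE.match(line.strip())
    if m is None:
        return None
    sev = int(m["sev"])
    rec = {"severity": sev, "level": LEVELS[sev], "msg_id": m["id"], "text": m["text"]}
    if m["pri"] is not None:
        pri = int(m["pri"])
        # PRI = facility * 8 + severity; a mismatch means a relay altered the line.
        rec["facility"], rec["pri_consistent"] = pri >> 3, (pri & 7) == sev
    return rec

def trap_level(value):
    """Resolve a trap setting given as a number or a unique keyword prefix."""
    value = str(value).lower()
    if value.isdigit():
        return int(value)
    hits = [i for i, name in enumerate(LEVELS) if name.startswith(value)]
    if len(hits) != 1:
        raise ValueError(f"unknown or ambiguous severity: {value!r}")
    return hits[0]

def forwarded_at(lines, trap):
    """Message ids that 'logging trap <trap>' lets through (severity <= trap)."""
    limit = trap_level(trap)
    recs = [r for r in map(parse_asa, lines) if r is not None]
    return [r["msg_id"] for r in recs if r["severity"] <= limit]

# Constructed sample lines (not captured from a real device).
SAMPLE = [
    '<166>Dec 26 2011 10:15:02: %ASA-6-605005: Login permitted from 10.20.20.50/51234 to inside:10.20.20.1/ssh for user "admin"',
    "<165>%ASA-5-111008: User 'admin' executed the 'logging trap 3' command.",
    "<163>%ASA-3-710003: TCP access denied by ACL from 192.0.2.7/40000 to outside:198.51.100.1/22",
    "<162>%ASA-2-106001: Inbound TCP connection denied from 192.0.2.7/40001 to 10.20.20.10/23 flags SYN on interface outside",
    "<13>Dec 26 10:15:03 host1 sshd[911]: not an ASA message",
]

if __name__ == "__main__":
    print({t: forwarded_at(SAMPLE, t) for t in (3, "informational")})
```

With the trap level at 3, the level 6 login message (605005) is filtered out before it reaches the server, so the login check in step 8 only produces an entry while the trap level is set to informational or higher.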


Read more: How to Configure Cisco ASA 5505 to Use a Syslog Server | eHow.com http://www.ehow.com/how_6628293_configure-5505-use-syslog-server.html#ixzz1hi38Ib4e