Re: CISCO ASA Firewall Log



I think I understand your questions so I will try to help.

If you are looking to stream your logs to a syslog server from the ASA:

logging enable

logging trap warnings
logging host inside 10.1.1.100
As far a free tools, I guess it depends what size installation you are looking at or how you would like to analyze. It sounds like you have a syslog server, but for small installations I use a linux box with syslog-ng - http://www.balabit.com/network-security/syslog-ng/opensource-logging-system. It can configured to capture logs within specific files and match text within a stream to filter unwanted lines (to /dev/null for example). Some common open source tools like tail, grep, sed, awk, etc can be used to examine the logs.

Hope this helps.


From: Muhammad Hafiz Rafek <hafiz@xxxxxxxxxxxxxxxx>
To: security-basics@xxxxxxxxxxxxxxxxx
Cc:
Sent: Thursday, January 20, 2011 10:59 AM
Subject: CISCO ASA Firewall Log

Hi all,

How do i transfer ASA Log automatically to the syslog server??
Is there any free tools that i can monitor the ASA log in real time ??

Thank you

--
Muhammad Hafiz Bin Rafek
Analyst, Network and Security Team
Secure IT Services Department
Cyber Responsive Services
CyberSecurity Malaysia (An Agency Under MOSTI)
DL : +603 8992 6963
Fax : +603 8945 3205
HP : +601 9224 1621
Website : http://www.cybersecurity.my




Disclaimer:

“This email (and any attachment to it) is confidential and intended solely for the use of the individual or entity to whom it is addressed. CyberSecurity Malaysia assumes no liability whatsoever for the content of this email or for the consequences of actions taken based on such content unless it is subsequently confirmed in writing. Unintended recipients are notified that disclosing, copying or distributing of this email, or acting based on its contents, is strictly prohibited; and you are to immediately and permanently delete or destroy this email and notify the sender forthwith.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • RE: Splitting Network / Domain
    ... everything now in the central office - one T1, one router, one ASA, one ... domain, one subnet, two domain controllers, one Excahnge server, also share ... in our central office, ...
    (microsoft.public.windows.server.active_directory)
  • Re: My experiences with SBS 2008 on Dell Poweredge T100
    ... We have less than 10 full time users on the server. ... We purchased a Cisco ASA firewall as well as new router, ... recipient policies in Exchange, ... configuration that is used more widely in the SMB space. ...
    (microsoft.public.windows.server.sbs)
  • net.inet.ip.random_id possible ASA problems?
    ... I am running several FreeBSD 7.x servers in an setting where we recently went from controlling the border firewall with PFSense; We were mandated to replace it with an outside provider which has an ASA in place. ... The root cause of the problem is that the ASA is being fed a significant stream of out-of-order TCP packets when the file download is launched from the PokCSD Web Server. ... With HTTP inspection enabled on the ASA, the ASA is required to process the HTTP stream in order, so it buffers out-of-order packets until it can create a proper order for processing. ...
    (freebsd-questions)
  • Cisco ASA 5505 - please help
    ... Now we have HP Proliant ML350 server (we are using it mainly as file ... Our internet connection is ... Our plan is to allow our employees to connect to server through VPN, ... On ASA 5505 is it possible to configure that some internet traffic go ...
    (comp.dcom.sys.cisco)
  • ASA NAT Question
    ... What I want is for my router to route to the internet and perform basic ... I want my ASA to have ACLs ... Translate mail traffic to hand to the Exchange server, ...
    (comp.dcom.sys.cisco)