Cisco ASA Syslog Configuration


Hi,
Can you explain what a logging list is?
And what if we need some messages from the informational and notifications levels?

Thanks

Hello Sims

The logging list that you can add can create a list of logging levels that are not continuous. In other words, you can create a logging list called “my_logging_list” and define which levels of messages you want to include. For example, you can include severity levels 2, 5 and 7.

So if you want to just see the information and notifications levels as you mentioned, you can do this using a logging list.

I hope this has been helpful!

Laz

Thank you Rene… Always great lessons to learn…
Question #1:

ASA1(config)# logging mail alerts
ASA1(config)# logging from-address asa@networklessons.com
ASA1(config)# logging recipient-address info@networklessons.com
ASA1(config)# smtp-server 192.168.1.1
  • I understand that the logging recipient-address can be an individual, but what will the logging from-address be? Do we configure the ASA to own an email address? And how? (I mean, who owns the asa@networklessons.com address in this case?)

Question #2:
ASA1(config)# logging asdm debugging
I understand that the above command will log syslog messages generated by ASA1.

  • Is it possible to configure other devices to send their syslog messages to ASA1? And what will that command be?

Regards…

Hello Ayong

In order to use this feature, you must also have an SMTP email server. In this case, the ASA is functioning as an email client. The SMTP server used in this configuration has an IP address of 192.168.1.1. The SMTP server should be set up to accept emails from the ASA without any password or other security information.

No, the ASA cannot function as a Syslog server to receive the Syslog messages of other devices. The best practice is to set up a local Syslog server that will capture and maintain a database of the Syslog messages sent out by all of your devices. This will be much easier than parsing through logs on the devices or even emails. The email option is good for emergency level Syslogs, just so you can be informed of critical events, but in general, is more difficult to use for troubleshooting processes…

I hope this has been helpful!

Laz

Thank you so much Laz. That clarifies my doubts.


Hi,

How can I send logging for all my contexts out through the admin context only?

Hello Aretha

When it comes to contexts and Syslog, each context can be considered a different “device”. In other words, if you configure syslog on the admin context, then syslog will only operate within the confines of that specific context. It is not possible to channel all of your syslogs for all the contexts of the physical device out of a single context like the admin context. In other words, there is no native method of causing an ASA to collect or send a single stream of syslog messages for the whole device.

That’s one of the fundamental reasons for contexts, to create a completely separate virtual device with its own ports, its own security policies, and its own configuration. It will literally function as a separate device. More on contexts can be found here:

Now, having said that, it is possible to set up something called a syslog proxy. This is not specific to ASAs and contexts, but it is a possible solution for what you are asking for.

A syslog proxy or relay will collect log messages via the network and forward them to one or more remote syslog servers after processing them, but without storing them locally. A relay can also filter and rate limit syslogs before sending them to the syslog server as well.

I don’t believe that the ASA has any such configuration option, of a syslog proxy or relay. However, you can use third party devices/software to do this. In addition, Cisco Security Manager has an option for configuring a relay. More on that can be found here:

I hope this has been helpful!

Laz
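A minimal sketch of the syslog relay described in the reply above, as an added example that is not part of the original thread and not Cisco code: it accepts UDP syslog from each context, keeps only a chosen set of severity levels, rate limits per sender, and forwards without storing. The `SyslogRelay` class, the `run` loop, the listen/upstream addresses and the sample messages are assumptions constructed for illustration.

```python
import re
import socket
import time

# Optional <PRI>, then the ASA tag, e.g. "%ASA-6-302013:" (severity 6, ID 302013).
ASA_LINE = re.compile(r"^(<\d{1,3}>)?(.*?%ASA-(\d)-\d{6}:.*)$", re.S)

# Constructed sample datagrams (not captured from a real device).
SAMPLES = [
    "<166>%ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.5/443",
    "<165>%ASA-5-111008: User 'admin' executed the 'write memory' command.",
    "<164>%ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.0.0.5/22",
]

class SyslogRelay:
    """Filter and rate-limit ASA syslog per sender, forward without storing."""

    def __init__(self, keep_levels, rate_per_sec, burst):
        self.keep_levels = set(keep_levels)
        self.rate, self.burst = rate_per_sec, burst
        self.buckets = {}  # sender IP -> (tokens left, time of last update)

    def _allow(self, sender, now):
        # Token bucket: refill by elapsed time, spend one token per message.
        tokens, last = self.buckets.get(sender, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.buckets[sender] = (tokens - 1 if allowed else tokens, now)
        return allowed

    def process(self, raw, sender, now):
        """Return the line to forward, or None if filtered or rate limited."""
        m = ASA_LINE.match(raw.strip())
        if not m or int(m.group(3)) not in self.keep_levels:
            return None
        if not self._allow(sender, now):
            return None
        # Keep the PRI and tag the sender, since the upstream sees the relay's IP.
        return f"{m.group(1) or ''}{sender} {m.group(2)}"

def run(relay, listen=("0.0.0.0", 5514), upstream=("192.0.2.10", 514)):
    """UDP loop; the listen and upstream addresses are placeholders."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(listen)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    while True:
        data, (sender, _port) = rx.recvfrom(8192)
        out = relay.process(data.decode("utf-8", "replace"), sender, time.monotonic())
        if out:
            tx.sendto(out.encode(), upstream)
```

Calling `run(SyslogRelay({5, 6}, rate_per_sec=50, burst=200))` would forward only notifications and informational messages; messages dropped by the filter do not consume rate-limit tokens.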


Thank you so much. This has helped to clarify the understanding of contexts


Hello,
Is there an option to have ip sla on the asa send a log message to the buffer? I don’t see an option for ip sla reaction. Any guidance would be greatly appreciated.

Hello Kaylan

It is possible to redirect such log messages to the local buffer. Take a look at this NetworkLessons note on redirecting IP SLA messages to the log buffer. This information is valid for older versions of ASA, but I have also tested it out on version 9.8 and it works the same.

I hope this has been helpful!

Laz

Hi, regarding the syslog server, is it possible to send the logs to an Azure server via site-to-site VPN? Or does the syslog server have to be in the same network?

Thank you in advance.

Hello Po

The Syslog server does not need to be on the same network or subnet. The only prerequisite is that there is IP connectivity between the device collecting and sending the Syslog messages, and the server itself. If you can successfully ping the Syslog server from the device you are collecting Syslogs on, then you’re OK. So yes, you can send the logs to an Azure Syslog server. In such a case you don’t even need a site-to-site VPN as long as there is IP connectivity between the two.

I hope this has been helpful!

Laz