Cisco ASA Syslog Configuration

This topic is to discuss the following lesson:

https://networklessons.com/cisco/asa-firewall/cisco-asa-syslog-configuration/

Hi,
Can you explain what a logging list is?
And what if we need some messages from the informational and notifications levels?

Thanks

Hello Sims

The logging list that you can add can create a list of logging levels that are not continuous. In other words, you can create a logging list called “my_logging_list” and define which levels of messages you want to include. For example, you can include severity levels 2, 5 and 7.

So if you want to just see the information and notifications levels as you mentioned, you can do this using a logging list.

I hope this has been helpful!

Laz

Thank you Rene… Always great lessons to learn…
Question #1:

ASA1(config)# logging mail alerts
ASA1(config)# logging from-address asa@networklessons.com
ASA1(config)# logging recipient-address info@networklessons.com
ASA1(config)# smtp-server 192.168.1.1
  • I understand that the logging recipient-address can be an individual, but what will the logging from-address be? Do we configure the ASA to own an email address, and how? (I mean, who owns the asa@networklessons.com address in this case?)

Question #2:
ASA1(config)# logging asdm debugging
I understand that the above command will log syslog messages generated by ASA1.

  • Is it possible to configure other devices to send their syslog messages to ASA1? And what will that command be?

Regards…

Hello Ayong

In order to use this feature, you must also have an SMTP email server. In this case, the ASA is functioning as an email client. The SMTP server used in this configuration has an IP address of 192.168.1.1. The SMTP server should be set up to accept emails from the ASA without any password or other security information.

No, the ASA cannot function as a Syslog server to receive the Syslog messages of other devices. The best practice is to set up a local Syslog server that will capture and maintain a database of the Syslog messages sent out by all of your devices. This will be much easier than parsing through logs on the devices or even emails. The email option is good for emergency level Syslogs, just so you can be informed of critical events, but in general, is more difficult to use for troubleshooting processes…

I hope this has been helpful!

Laz
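
An added example, not part of the thread or the lesson: on the central syslog server recommended above, ASA messages can be filtered by a non-contiguous set of severities (here informational and notifications) by reading the `%ASA-<level>-<id>` tag. The function names, the sample log lines and the addresses in them are constructed for illustration.

```python
import re

# Syslog severity names as the ASA CLI spells them, indexed by level 0-7.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# ASA message tag: %ASA-<severity>-<6-digit message id>: <text>
ASA_TAG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")
# Optional syslog priority prefix: <PRI> = facility * 8 + severity
PRI = re.compile(r"^<(?P<pri>\d{1,3})>")

def parse_asa(line):
    """Parse one ASA syslog line; return None if it carries no %ASA tag."""
    m = ASA_TAG.search(line)
    if not m:
        return None
    sev = int(m["sev"])
    rec = {"severity": sev, "level_name": SEVERITIES[sev],
           "msgid": m["msgid"], "text": m["text"].rstrip()}
    pri = PRI.match(line)
    if pri:
        value = int(pri["pri"])
        rec["facility"] = value >> 3
        # A PRI severity that disagrees with the tag suggests a relay
        # rewrote the line or the line was not produced by the ASA.
        rec["pri_mismatch"] = (value & 7) != sev
    return rec

def select(lines, wanted_levels):
    """Keep only records whose severity name is in wanted_levels."""
    wanted = {SEVERITIES.index(name) for name in wanted_levels}
    records = (parse_asa(line) for line in lines)
    return [r for r in records if r and r["severity"] in wanted]

# Constructed sample input (documentation addresses, facility local4 = 20).
SAMPLE = [
    "<166>Jan 10 2024 10:15:01 ASA1 : %ASA-6-302013: Built outbound TCP "
    "connection 101 for outside:203.0.113.10/443 to inside:192.168.1.50/51000",
    "<165>Jan 10 2024 10:15:02 ASA1 : %ASA-5-111008: User 'admin' executed "
    "the 'logging enable' command.",
    "<164>Jan 10 2024 10:15:03 ASA1 : %ASA-4-106023: Deny tcp src "
    "outside:198.51.100.7/4444 dst inside:192.168.1.50/22 by access-group \"OUTSIDE_IN\"",
    "<167>Jan 10 2024 10:15:04 ASA1 : %ASA-7-609001: Built local-host inside:192.168.1.50",
    "Jan 10 2024 10:15:05 otherhost sshd[100]: not an ASA message",
]

if __name__ == "__main__":
    for rec in select(SAMPLE, {"informational", "notifications"}):
        print(rec["level_name"], rec["msgid"], rec["text"])
```
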

Thank you so much Laz. That clarifies my doubts.
