To setup a syslog server for archiving syslog of ASA5510, i think it will let us easy to check some incidents. On datacenter, there is a suse linux 10 for MRTGing whole network infrastructure . i plant to run a syslog service on the linux server. After checking the server. i found syslog-ng was running . so just modify the syslog-ng.conf.
syslog-ng.conf loactes in /etc/syslog-ng , i just added below content in the file:
#define the destination which will be syslogged.
source ASA5510 (
udp ();
} ;
#define a filter . for log level
filter f_asa ( facility (local7););
#define log options
destination asa5510 { file ("/var/log/ASA5510.log");};
log {source (ASA5510); filter (f_asa); destination (asa5510); };
Then , i need to enable syslog logging on ASA5510:
logging enable
logging trap informational
logging host inside 192.168.0.100 format emblem
Last, SYSLOG-NG service should be started :
/sbin/syslog-ng start
To confirm the configration works:
cat /var/log/ASA5510.log
If you will get content about firewall , congratulate, syslog-ng works.
