Support for Cisco ASA

slitmengheang · May 8, 2018, 6:20am

Hi all,

i want to ask about ASA support graylog or not? could you guide me how to config it?

Thanks

jochen · May 8, 2018, 7:06am

You can try using a Syslog UDP input with your Cisco ASA appliances or, if that fails, a Raw/Plaintext UDP input and some extractors.

There are also some content packs on the Graylog Marketplace related to Cisco ASA appliances:

dustintennill · May 8, 2018, 7:27pm

We use the syslog/UDP option on our ASA’s, works great.

Warning: Beware enabling Syslog/TCP on the ASA’s without poking around in the manual. I think the default settings tell the ASA “stop routing traffic for everything” if it can’t reach the logging destination.

jan · May 9, 2018, 5:52am

AFAIK you need todo something like

clock timezone UTC 0 0 
no clock summer-time
ntp server 0.0.0.0 prefer source management
logging timestamp
logging trap 6 
logging enable 
logging host management 1.2.3.4 tcp/8514

to enable that - but for sure, change the NTP Server to some reachable/internal and the host IP and Port to the Graylog server and Input.

system · May 23, 2018, 5:52am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Can not receive Cisco logs Graylog Central (peer support)	11	9354	May 8, 2018
Collecting Syslog Graylog Central (peer support)	7	1245	January 29, 2020
Error processing message from Cisco ASA Graylog Central (peer support)	3	401	May 6, 2021
Cisco 2960 syslog Graylog Central (peer support)	2	1903	June 8, 2018
Log Cisco Messages Graylog Central (peer support)	20	12119	December 13, 2019

Support for Cisco ASA

Related Topics