Home
Certification Preparation
Cisco
CCNP
CCNP Security
ASA logging
fightclub34
A couple questions about asa syslogging for compliance reasons. What is best practice logging level to send to a syslog server. If debugging is sent the server is going to need a lot of room to keep for any period of time.
Second question how do you store events on an asa-aip-ssm-20 to a syslog server or some external place to keep for logging purposes. I would assume the module itself can only hold a certain amount of logs until it overwrites itself
Find more posts tagged with
Comments
Ahriakin
The Syslog level is purely down to policy, don't break policy for the sake of saving on hardware as it may come back to haunt you (and yes I know the very people who may tell you to keep costs down on the logging server are the ones who will burn you if there's an incident and logs are missing due to lack of capacity, at least have the requests recorded by email or whatever).
Anyway checkout Splunk, it's free up to a certain level and a brilliant syslog tool. Then there's always Kiwi Syslog Daemon. Personally I wouldn't log lower than informational unless you are debugging specific processes for troubleshooting.
For the IPS modules try the Cisco IME -
Cisco IPS Manager Express - Products & Services - Cisco Systems
.
fightclub34
Thanks ahriakin
I was thinking informational too. We will be using kiwi syslog. Will ips manager store logs for a long period of time or will ips manager convert to syslog and i can then send those syslogs to kiwi.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
