ASA logging

fightclub34fightclub34 Member Posts: 41 ■■□□□□□□□□
A couple questions about asa syslogging for compliance reasons. What is best practice logging level to send to a syslog server. If debugging is sent the server is going to need a lot of room to keep for any period of time.

Second question how do you store events on an asa-aip-ssm-20 to a syslog server or some external place to keep for logging purposes. I would assume the module itself can only hold a certain amount of logs until it overwrites itself

Comments

  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    The Syslog level is purely down to policy, don't break policy for the sake of saving on hardware as it may come back to haunt you (and yes I know the very people who may tell you to keep costs down on the logging server are the ones who will burn you if there's an incident and logs are missing due to lack of capacity, at least have the requests recorded by email or whatever).
    Anyway checkout Splunk, it's free up to a certain level and a brilliant syslog tool. Then there's always Kiwi Syslog Daemon. Personally I wouldn't log lower than informational unless you are debugging specific processes for troubleshooting.

    For the IPS modules try the Cisco IME - Cisco IPS Manager Express - Products & Services - Cisco Systems .
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • fightclub34fightclub34 Member Posts: 41 ■■□□□□□□□□
    Thanks ahriakin

    I was thinking informational too. We will be using kiwi syslog. Will ips manager store logs for a long period of time or will ips manager convert to syslog and i can then send those syslogs to kiwi.
Sign In or Register to comment.