
ASA log viewer



The logging host command enables a secure connection via TLS, and lets you
configure use of a TCP port for logging.


    e.g., interface_name syslog_ip[tcp/port] [emblem format] [secure]


Also, when you do a sho log, do you have the following set?


    Deny Conn when Queue Full: disabled



On November 20, 2011 at 7:42 AM Joe Happe <Joe.Happe at archlearning.com> wrote:

> Completely agree with splunk for log searching / analysis, even has some
> ASA/PIX modules. Please note, unless something has changed that I completely
> missed, an ASA/PIX will stop forwarding user traffic if it is configured for
> tcp syslogs and the connection breaks. (no more disk, network issue, etc)
> This is based on the premise that a system cannot be considered secure if the
> audit trail is unavailable, and tcp syslogging (vs udp) is usually used to make
> sure you don't miss an entry due to a dropped packet. Something that dates
> back to the old C2 security standard (not sure of the current version).
> Typically this requires admin intervention (by design) to clear the
> condition. If you use udp for syslog the ASA won't be in this mode, and you
> won't block traffic if syslog fails. With that said, there may be a command
> I'm unaware of that allows a tcp syslog to fail and not block traffic.
>
> ~jdh
>
> -----Original Message-----
> From: Joel M Snyder [mailto:Joel.Snyder at Opus1.COM]
> Sent: Sunday, November 20, 2011 12:11 AM
> To: nanog at nanog.org
> Subject: Re: ASA log viewer
>
> > I'd like to fully search on a 'column', a la 'ladder logic' style,
> > as well as have the data presented in an orderly well-defined fashion.
>
> Yes, Splunk.
>
> See:
> http://www.networkworld.com/reviews/2011/092611-splunk-test-250836.html
>
> for a recent Network World test of Splunk which may help.
>
> jms
>
>
> --
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Senior Partner, Opus One       Phone: +1 520 324 0494
> jms at Opus1.COM                http://www.opus1.com/jms
>
>
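
As an added example that is not part of the thread: a small Python check over ASA running-config text that flags the condition described above, a TCP syslog host configured without `logging permit-hostdown` (the ASA command, not named in the thread, that lets new connections through when the TCP syslog server is unreachable). The sample config is constructed, and the `6/port` and `17/port` protocol-number forms are an assumption about how the device prints the `tcp/port` option.

```python
import re

# Constructed sample of ASA running-config logging lines (not from the thread).
SAMPLE_CONFIG = """\
logging enable
logging trap informational
logging host inside 192.0.2.10 6/1470 secure
logging host inside 192.0.2.11
logging host dmz 192.0.2.12 17/514
"""

# Assumption: the transport appears as tcp/port, udp/port, or protocol number 6/17.
HOST_RE = re.compile(
    r"^logging host (?P<ifc>\S+) (?P<ip>\S+)"
    r"(?: (?P<proto>tcp|udp|6|17)/(?P<port>\d+))?(?P<rest>.*)$",
    re.IGNORECASE,
)

def audit_logging(config):
    """Return the syslog hosts found and whether a TCP outage can block traffic."""
    tcp_hosts, udp_hosts = [], []
    permit_hostdown = False
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower() == "logging permit-hostdown":
            permit_hostdown = True
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        proto = (m.group("proto") or "udp").lower()  # no transport given: UDP/514
        host = {
            "interface": m.group("ifc"),
            "ip": m.group("ip"),
            "port": int(m.group("port") or 514),
            "secure": "secure" in m.group("rest").lower().split(),
        }
        (tcp_hosts if proto in ("tcp", "6") else udp_hosts).append(host)
    return {
        "tcp_hosts": tcp_hosts,
        "udp_hosts": udp_hosts,
        "permit_hostdown": permit_hostdown,
        # TCP syslog without permit-hostdown: new connections are denied on outage.
        "blocks_on_syslog_failure": bool(tcp_hosts) and not permit_hostdown,
    }

if __name__ == "__main__":
    print(audit_logging(SAMPLE_CONFIG))
```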