ASA log viewer

jjanusze at wd-tek.com
Sun Nov 20 14:23:29 UTC 2011


The logging host command lets you enable a secure connection via TLS and
configure use of a TCP port for logging.


     e.g.,  interface_name syslog_ip[tcp/port] [emblem format] [secure]


Also, when you do a sho log, do you have the following set?


     Deny Conn when Queue Full: disabled

 



On November 20, 2011 at 7:42 AM Joe Happe <Joe.Happe at archlearning.com> wrote:

> Completely agree with Splunk for log searching / analysis, even has some
> ASA/PIX modules.  Please note, unless something has changed that I completely
> missed, an ASA/PIX will stop forwarding user traffic if it is configured for
> tcp syslogs and the connection breaks (no more disk, network issue, etc.).
> This is based on the premise that a system cannot be considered secure if the
> audit trail is unavailable, and tcp syslogging (vs udp) is usually used to make
> sure you don't miss an entry due to a dropped packet.  Something that dates
> back to the old C2 security standard?? (not sure of the current version).
> Typically this requires admin intervention (by design) to clear the
> condition.  If you use udp for syslog the ASA won't be in this mode, and you
> won't block traffic if syslog fails.  With that said, there may be a command
> I'm unaware of that allows a tcp syslog to fail and not block traffic.
>
> ~jdh
>
> -----Original Message-----
> From: Joel M Snyder [mailto:Joel.Snyder at Opus1.COM]
> Sent: Sunday, November 20, 2011 12:11 AM
> To: nanog at nanog.org
> Subject: Re: ASA log viewer
>
> > I'd like to fully search on an 'column', a la 'ladder logic' style, as
> > well as have the data presented in an orderly well-defined fashion.
>
> Yes, Splunk.
>
> See:
> http://www.networkworld.com/reviews/2011/092611-splunk-test-250836.html
>
> for a recent Network World test of Splunk which may help.
>
> jms
>
>
> --
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Senior Partner, Opus One       Phone: +1 520 324 0494
> jms at Opus1.COM                http://www.opus1.com/jms
>
>
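
The fail-closed behaviour discussed above can be checked statically from a saved configuration. The following Python is an added example, not part of the original thread: it flags a configuration that logs to a TCP syslog host without "logging permit-hostdown", the ASA command (not mentioned in the thread) that lets new connections continue while a TCP syslog server is unreachable. The sample configurations and the name audit_syslog are constructed for illustration.

```python
import re

# Constructed sample configurations (not from the thread); 192.0.2.0/24 is a documentation range.
SAMPLE_BLOCKING = """\
logging enable
logging trap informational
logging host inside 192.0.2.10 tcp/1470 secure
logging host dmz 192.0.2.20
"""
SAMPLE_PERMISSIVE = SAMPLE_BLOCKING + "logging permit-hostdown\n"

# Accept the tcp/udp keywords and the IP protocol numbers (6 = TCP, 17 = UDP).
PROTO = {"tcp": "tcp", "6": "tcp", "udp": "udp", "17": "udp"}
HOST_RE = re.compile(
    r"^logging host (?P<ifc>\S+) (?P<ip>\S+)"
    r"(?: (?P<proto>tcp|udp|6|17)(?:/(?P<port>\d+))?(?=\s|$))?(?P<rest>.*)$"
)

def audit_syslog(config):
    """List syslog destinations and say whether a TCP syslog outage blocks new connections."""
    hosts, permit_hostdown = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if line == "logging permit-hostdown":
            permit_hostdown = True
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        # Assumption: a host line with no transport keyword logs over UDP.
        proto = PROTO[m.group("proto") or "udp"]
        hosts.append({
            "interface": m.group("ifc"), "ip": m.group("ip"),
            "transport": proto, "port": m.group("port"),
            "tls": proto == "tcp" and "secure" in m.group("rest").split(),
        })
    tcp_hosts = [h for h in hosts if h["transport"] == "tcp"]
    return {
        "hosts": hosts, "tcp_hosts": tcp_hosts, "permit_hostdown": permit_hostdown,
        # Fail-closed: a TCP destination is configured and no override is present.
        "blocks_when_syslog_down": bool(tcp_hosts) and not permit_hostdown,
    }

if __name__ == "__main__":
    for name, cfg in (("blocking", SAMPLE_BLOCKING), ("permissive", SAMPLE_PERMISSIVE)):
        result = audit_syslog(cfg)
        print(name, result["blocks_when_syslog_down"], [h["ip"] for h in result["tcp_hosts"]])
```
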

