Use https://seceonhelp.freshdesk.com/support/login to access updated Knowledge Base Articles, Submit Technical Support Tickets and Review Status of submitted support tickets.
Configuring syslogs from Cisco ASA/ Cisco PIX through User Interface
Overview
We are providing you with the steps to integrate your Cisco ASA Firewall with Seceon SIEM so One can have Comprehensive visibility and Proactive Threat Detection in your Environment. There will be a log transfer between your firewall to APE(Analytics and Policy Engine) via CCE (Collection and Control Engine ). In this document, we are guiding you through the steps for Log and Netflows forwarding.
Log in to the Cisco user interface, and follow the steps below to configure the firewall:
Step 1: Enabling Logging
- Select Configure > Settings > Logging > Logging Setup
- Select the Enable logging setup and Enable logging failover check boxes
- Click Apply.
Changes are applied to the assigned firewall configuration files when they are generated. The configuration files are then downloaded to firewalls at deployment.
Step 2: Configuring Syslog Server
- Select Configure > Settings > Logging > Syslog
- Check Include Timestamp.
- Click Add to add a row.
- In the Add Syslog Server page that appears, enter the following:
o Interface Name - the firewall interface through which Firewall Analyzer can be reached, the interface can be either inside or outside.
o IP Address - the IP address of the syslog server (CCE host IP Address) to which logs have to be sent
o Under Protocol, select the UDP radio button
o The default UDP port is 514. If you have configured a different syslog listener port on your syslog server, enter the same port here.
- Click Apply
Step 3: Configuring Logging Level
- Select Configure > Settings > Logging > Other
- Under Console Level List select Informational so that all report data is available
- Click Apply
Seceon Inc. All rights reserved. https://www.seceon.com