Subject: Configure Cisco ASA 5506-X Firewall to Send Syslog Messages to Kiwi Free Syslog Server 9.7.0

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 20 September 2020 Sunday Singapore Time

Type of Publication: Plain Text

Document Version: 20200920.01

STEPS
=====

1. Launch Kiwi Free Syslog Server 9.7.0 Installer (by SolarWinds) on the Active Directory Domain Controller (Windows Server 2016 Standard).

2. Click "I Agree" on the License Agreement window.

3. Choose "Install Kiwi Syslog Server as a Service". Click Next.

4. Install the Service using: The LocalSystem Account. Click Next.

5. Select the type of install: Normal. Click Next.

6. Click Install on the Choose Install Location window.

7. Check "Run Kiwi Syslog Server 9.7.0". Click Finish.

8. On the dialog showing "Kiwi Syslog free version supports up to 5 message sources. Please define them under Inputs in Setup.", click OK.

9. Click Setup.

10. Inputs > UDP

Check "Listen for UDP Syslog messages".

UDP Port (1-65535): 514

Bind to address: Leave empty

Data encoding: System: Leave empty

Click OK.

11. Login to Cisco ASDM.

12. Configuration > Device Management > Logging > Logging Setup

Check "Enable logging".

Click Apply.

13. Configuration > Device Management > Logging > Syslog Servers

Click Add.

Interface: inside

IP address: <IP address of Kiwi Syslog Server>

Protocol: UDP

Port: 514

Click OK.

14. Execute the following Windows command to check if Kiwi Syslog Server is listening.

netstat -nab | findstr 514

15. Go to Kiwi Syslog Server again. Click Setup.

Inputs Menu:

Enter IP address of Cisco ASA 5506-X Firewall.

Click Add.

Click OK.

16. Login to Symantec Endpoint Protection Manager on the Active Directory Domain Controller.

Go to Firewall Policy.

Under Windows Settings, Click Rules.

Click Add Rule.

Rule name: Open UDP Port 514 to allow syslog messages from Cisco ASA firewall

Click Next.

17. Click Allow Connections. Click Next.

18. Click All Applications. Click Next.

19. Select "Only the computers and sites listed below:"

Host: <IP address of Cisco ASA 5506-X Firewall>

Click Add.

Click Next.

20. Protocol: UDP

Select "Local/Remote"

Local Port: 514

Remote Port: Leave empty

Direction: Incoming

Click OK.

21. Choose "Only the communications listed below:"

Select "UDP [Local=514; Stateful Incoming]"

Click Next.

22. Do you want to create a log entry when this rule is matched? No

Click Finish.

23. Check the list of Firewall Rules.

Click OK.

24. Login to Cisco ASDM again.

25. Configuration > Device Management > Logging > Logging Filters

Click Logging Destination: Syslog Servers

Click Edit.

Syslogs from All Event Classes

Filter on severity: Debugging

Click OK.

26. Syslog messages from Cisco ASA 5506-X Firewall will start appearing on the Kiwi Free Syslog Server.
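
To check what actually arrives after step 26, the following added example (not part of the original post) decodes ASA syslog datagrams, tallies them by severity, and sets aside senders that are not the firewall, the same restriction applied in steps 15 and 19. The sample datagrams and IP addresses are constructed, and the PRI values assume the ASA's default syslog facility of 20 (local4).

```python
import re
from collections import Counter

# Syslog severity names as the ASA labels them (0 = emergencies ... 7 = debugging).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

# <PRI>, optional timestamp/device-id text, then %ASA-<level>-<6-digit id>: <text>
ASA_RE = re.compile(r"^<(\d{1,3})>.*?%ASA-([0-7])-(\d{6}): (.*)$", re.S)

def parse_asa_syslog(datagram: bytes) -> dict:
    """Decode one UDP payload; raise ValueError if it is not an ASA message."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = ASA_RE.match(text)
    if not m or int(m.group(1)) > 191:      # PRI = facility * 8 + severity, max 191
        raise ValueError("not an ASA syslog message")
    facility, severity = divmod(int(m.group(1)), 8)
    return {"facility": facility,
            "severity": SEVERITIES[severity],
            "msg_id": m.group(3),
            "text": m.group(4),
            # The level inside %ASA-n- should match the severity encoded in PRI.
            "consistent": severity == int(m.group(2))}

def summarize(received, allowed_sources):
    """Count messages per severity; collect senders outside the allow list."""
    counts, rejected = Counter(), []
    for src, datagram in received:
        if src not in allowed_sources:      # same restriction as steps 15 and 19
            rejected.append(src)
            continue
        try:
            counts[parse_asa_syslog(datagram)["severity"]] += 1
        except ValueError:
            counts["unparsed"] += 1
    return counts, rejected

# Constructed sample datagrams (documentation addresses), not captured traffic.
ASA_IP = "192.0.2.1"
SAMPLE = [
    (ASA_IP, b"<166>%ASA-6-302013: Built outbound TCP connection 1001 for "
             b"outside:198.51.100.7/443 to inside:192.0.2.50/51515"),
    (ASA_IP, b"<164>Sep 20 2020 10:15:02: %ASA-4-106023: Deny tcp src "
             b"outside:198.51.100.9/4444 dst inside:192.0.2.50/3389"),
    (ASA_IP, b"<167>%ASA-7-609001: Built local-host inside:192.0.2.50"),
    ("203.0.113.99", b"<166>%ASA-6-302013: message from an unlisted sender"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE, {ASA_IP}))
```

With the filter from step 25 set to Debugging, the "debugging" and "informational" counts will dominate on a busy firewall, which matters for the free version's limits and for disk use on the Domain Controller.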






