The logging host command lets you enable a secure connection via TLS and configure use of a TCP port for logging.
e.g., interface_name syslog_ip[tcp/port] [emblem format] [secure]

Also, when you do a sho log, do you have the following set?

Deny Conn when Queue Full: disabled

On November 20, 2011 at 7:42 AM Joe Happe <[email protected]> wrote:
> Completely agree with Splunk for log searching / analysis, even has some
> ASA/PIX modules. Please note, unless something has changed that I completely
> missed, an ASA/PIX will stop forwarding user traffic if it is configured for
> tcp syslogs and the connection breaks. (no more disk, network issue, etc)
> This is based on the premise that a system cannot be considered secure if the
> audit trail is unavailable, and tcp syslogging (vs udp) is usually used to make
> sure you don't miss an entry due to a dropped packet. Something that dates
> back to the old C2 security standard?? (not sure of the current version).
> Typically this requires admin intervention (by design) to clear the
> condition. If you use udp for syslog the ASA won't be in this mode, and you
> won't block traffic if syslog fails. With that said, there may be a command
> I'm unaware of that allows a tcp syslog to fail and not block traffic.
>
> ~jdh
>
> -----Original Message-----
> From: Joel M Snyder [mailto:[email protected]]
> Sent: Sunday, November 20, 2011 12:11 AM
> To: [email protected]
> Subject: Re: ASA log viewer
>
> >I'd like to fully search on a 'column', a la 'ladder logic' style,
> >as well as have the data presented in an orderly well-defined fashion.
>
> Yes, Splunk.
>
> See:
> http://www.networkworld.com/reviews/2011/092611-splunk-test-250836.html
>
> for a recent Network World test of Splunk which may help.
>
> jms
>
> --
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Senior Partner, Opus One       Phone: +1 520 324 0494
> [email protected]                http://www.opus1.com/jms
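
Added example (not part of the thread, and not Cisco's code): a Python check that reads the logging lines of an ASA configuration and reports the trade-off discussed above, TCP syslog that denies new connections when the server is unreachable versus UDP syslog that can lose entries. It assumes the `logging host` syntax quoted in the reply and that `logging permit-hostdown` is the ASA command that lets new connections through while a TCP syslog server is down; the sample configuration and its addresses are constructed.

```python
import re

# logging host <interface> <ip> [tcp/<port> | udp/<port>] [format emblem] [secure]
HOST_RE = re.compile(
    r"^logging host (?P<ifc>\S+) (?P<ip>\S+)"
    r"(?: (?P<proto>tcp|udp)/(?P<port>\d+))?"
    r"(?P<rest>.*)$"
)

# Constructed sample configuration (documentation addresses, not from the thread).
SAMPLE = """\
logging enable
logging trap informational
logging host inside 192.0.2.10 tcp/1470 secure
logging host dmz 192.0.2.20
"""

def audit_syslog(config_text):
    """Return (hosts, findings) for the syslog destinations in an ASA config."""
    hosts, permit_hostdown = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "logging permit-hostdown":  # assumed command, see lead-in
            permit_hostdown = True
            continue
        m = HOST_RE.match(line)
        if not m:
            continue
        hosts.append({
            "interface": m["ifc"],
            "ip": m["ip"],
            "proto": m["proto"] or "udp",  # no protocol keyword means UDP
            "port": int(m["port"]) if m["port"] else 514,
            "secure": "secure" in m["rest"].split(),
        })
    findings = []
    for h in hosts:
        if h["proto"] == "tcp" and not permit_hostdown:
            findings.append(f"{h['ip']}: TCP syslog without permit-hostdown; "
                            "new connections are denied if the server is unreachable")
        elif h["proto"] == "udp":
            findings.append(f"{h['ip']}: UDP syslog; entries can be lost "
                            "to dropped packets without any indication")
    return hosts, findings

if __name__ == "__main__":
    for finding in audit_syslog(SAMPLE)[1]:
        print(finding)
```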

