Bingo! Your ASA is not configured properly for logging. ssh to the device and login enable (enter password) config t logging trap debugging exit write mem exit
if debugging is too much info, you can lower it to notifications as in Eero's example. But you're never going to see your ASA logging if you don't configure it to send to an external server. Documentation from Cisco. Using ASDM - http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113053-asa82-syslog-config-00.html#loggsyslogserv Using CLI http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_syslog.html#wp1552182 On Wednesday, February 11, 2015 at 2:26:46 AM UTC-8, Eero Volotinen wrote: > > > You need to enable logging to syslog server first. command is like logging > trap <syslog-level> > example: > > conf t > logging trap notifications > wr > > br, > Eero > -- > > 2015-02-11 8:50 GMT+02:00 Network Infrastructure <panhat...@gmail.com > <javascript:>>: > >> This is the message when I use the command: >> >> but it doesn't work >> >> ASA5520# sh run log >> logging enable >> logging asdm informational >> logging host inside 192.168.10.11 >> ASA5520# sh run | inc log >> service-object tcp eq klogin >> service-object tcp eq login >> service-object udp eq syslog >> service-object udp eq syslog >> service-object udp eq syslog >> logging enable >> logging asdm informational >> logging host inside 192.168.10.11 >> >> >> On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure >> wrote: >> >>> I have configured OSSEC to monitor my ASA 5520 but I cannot see anything >>> >>> In ASA 5520, I enable syslog server to send syslog to my OSSEC >>> >>> >>> In OSSEC, the /var/ossec/etc/ossec.conf, I configed: >>> >>> <ossec_config> >>> >>> <remote> >>> <connection>syslog</connection> >>> <allowed-ips>IP_OF_CISCO_DEVICE</allowed-ips> >>> </remote> >>> <global> >>> <logall>yes</logall> >>> </global> >>> >>> </ossec_config> >>> >>> Then I restart ossec services but I cannot see anything. >>> >>> >>> Help me please ... >>> >> -- >> >> --- >> You received this message because you are subscribed to the Google Groups >> "ossec-list" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to ossec-list+...@googlegroups.com <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
