Bingo!  Your ASA is not configured properly for logging.

ssh to the device and login
enable
(enter password)
config t
logging trap debugging
exit
write mem
exit

if debugging is too much info, you can lower it to notifications as in 
Eero's example.  

But you're never going to see your ASA logging if you don't configure it to 
send to an external server.

Documentation from Cisco.
Using ASDM - 
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/113053-asa82-syslog-config-00.html#loggsyslogserv

Using CLI
http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_syslog.html#wp1552182




On Wednesday, February 11, 2015 at 2:26:46 AM UTC-8, Eero Volotinen wrote:
>
>
> You need to enable logging to syslog server first. command is like logging 
> trap <syslog-level>
> example:
>
> conf t
> logging trap notifications
> wr
>
> br,
> Eero
> --
>
> 2015-02-11 8:50 GMT+02:00 Network Infrastructure <panhat...@gmail.com 
> <javascript:>>:
>
>> This is the message when I use the command:
>>
>> but it doesn't work
>>
>> ASA5520# sh run log
>> logging enable
>> logging asdm informational
>> logging host inside 192.168.10.11
>> ASA5520# sh run | inc log
>>  service-object tcp eq klogin
>>  service-object tcp eq login
>>  service-object udp eq syslog
>>  service-object udp eq syslog
>>  service-object udp eq syslog
>> logging enable
>> logging asdm informational
>> logging host inside 192.168.10.11
>>
>>
>> On Friday, February 6, 2015 at 9:11:33 AM UTC+7, Network Infrastructure 
>> wrote:
>>
>>> I have configured OSSEC to monitor my ASA 5520 but I cannot see anything 
>>>
>>> In ASA 5520, I enable syslog server to send syslog to my OSSEC
>>>
>>>
>>> In OSSEC, the /var/ossec/etc/ossec.conf, I configed:
>>>
>>> <ossec_config>
>>>
>>> <remote> 
>>>   <connection>syslog</connection> 
>>>   <allowed-ips>IP_OF_CISCO_DEVICE</allowed-ips> 
>>> </remote>
>>> <global>
>>>   <logall>yes</logall>
>>> </global>
>>>
>>> </ossec_config>
>>>
>>> Then I restart ossec services but I cannot see anything.
>>>
>>>
>>> Help me please ...
>>>
>>  -- 
>>
>> --- 
>> You received this message because you are subscribed to the Google Groups 
>> "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to ossec-list+...@googlegroups.com <javascript:>.
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 

--- 
You received this message because you are subscribed to the Google Groups 
"ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ossec-list+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to