Cisco ASA

Logs Collected

Cisco ASA sends its log information over the syslog protocol. The BindPlane Logs Agent listens on a port to collect that information and sends it to Google Stackdriver Logging. Below are examples of the logs that are collected and sent to Google Stackdriver Logging.

Cisco ASA Log with a Severity Level of ERROR

Cisco ASA Log with a Severity Level of INFO

Cisco ASA Log with a Severity Level of NOTICE

Cisco ASA Log with a Severity Level of WARN

Log Collection Setup

Pre-requisites

Follow the steps to Configure Syslog for ASA.

Add Timestamps to Syslogs

For proper functionality, timestamps need to be enabled for ASA syslogs.
To learn how, please read Add Timestamps to Syslog.
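
The check below is an added example, not BindPlane or Cisco code: it parses syslog lines in the `%ASA-severity-message_id` format and reports messages that arrived without a timestamp. The sample lines are constructed, and the mapping of ASA severity digits to the label names shown on this page is an assumption.

```python
import re
from datetime import datetime

# ASA severity digit -> label. Mapping to this page's label names is an assumption.
SEVERITY = {0: "EMERGENCY", 1: "ALERT", 2: "CRITICAL", 3: "ERROR",
            4: "WARN", 5: "NOTICE", 6: "INFO", 7: "DEBUG"}

LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                                   # optional syslog PRI
    r"(?:(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2})"  # timestamp, if enabled
    r"(?: (?P<device>\S+))? ?: )?"                                # optional device ID
    r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$"
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    "<163>Jan 05 2024 10:15:30: %ASA-3-710003: TCP access denied by ACL from "
    "198.51.100.7/51234 to outside:203.0.113.1/22",
    "<166>Jan 05 2024 10:15:32: %ASA-6-302013: Built outbound TCP connection 1001 "
    "for outside:203.0.113.10/443 (203.0.113.10/443) to inside:10.0.0.5/51000 (10.0.0.5/51000)",
    "<164>%ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.0.0.5/22 "
    "by access-group \"outside_in\"",
    "<165>Jan 05 2024 10:15:40 fw01 : %ASA-5-111008: User 'admin' executed the "
    "'write memory' command.",
]

def parse_asa_line(line):
    """Parse one ASA syslog line; return None if it is not an ASA message."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S") if m["ts"] else None
    return {"timestamp": ts, "device": m["device"],
            "severity": SEVERITY[int(m["sev"])],
            "message_id": m["msgid"], "text": m["text"]}

def missing_timestamps(lines):
    """Return message IDs of ASA lines that arrived without a timestamp."""
    records = (parse_asa_line(line) for line in lines)
    return [r["message_id"] for r in records if r and r["timestamp"] is None]

if __name__ == "__main__":
    for rid in missing_timestamps(SAMPLE):
        print(f"message {rid} has no timestamp; enable timestamps on the ASA")
```

Running it against a short capture from the listening port before adding the source shows whether the ASA is already sending timestamps.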

Configure a Cisco ASA Log Source

  1. Install the BindPlane Log Agent on the host system.
  2. Log in to BindPlane and select the Logs tab.

     Logs Tab

  3. Select the Sources tab.

     Sources Tab

  4. In the top-right portion of the screen, click the Add Source Configuration button.

     Add Source Configuration Button

  5. Choose Cisco ASA.
  6. Fill out the IP address to listen for and the port to listen on.

     Cisco ASA Log Configuration Form