Configure Syslog for ASA via ASDM

The Security Manager Data Collector acts as a syslog server for Cisco devices, collecting messages that you can analyze using Security Manager’s Rule Usage Analysis feature.

This section describes the three procedures for configuring your Cisco ASA to send these syslog messages to Security Manager. These three procedures should be completed for every ASA that you want to monitor with Security Manager.

Prerequisites
• Make sure that you have added the keyword “log” to every ACE that you want to log.
• You must have administrator credentials to access privileged mode on the device.

Step 1: Enable Syslog Server Logging

In this step, you will enable logging on the Cisco security appliance.

Open the ASDM connected to the appliance.
Click Configuration, and then click the Device Management button.
Expand the Logging folder and click Logging Setup.
Make sure that the Enable Logging check box is selected.
Click Apply.

Step 2: Define Logging Filters

In this step, you will create a filter that allows level 6 severity, or informational syslog messages only.

In ASDM, click Configuration, and then click the Device Management button.
Expand the Logging folder and click Logging Filters.
Click Syslog Servers, and then click Edit.
Select Filter on severity and select Informational from the drop-down menu.
Click OK to close the window, and then click Apply.

Step 3: Configure Syslog Servers

In this step, you will add the Security Manager Data Collector as a syslog server for your ASA.

In ASDM, click Configuration, and then click the Device Management button.
Expand the Logging folder and click Syslog Servers.
Click Add.
In the IP Address box, type the IP address of your Security Manager Data Collector.
Select UDP as the Protocol.
Enter 514 as the Port.
Click OK to close the window, and then click Apply.