Configuring syslog forwarding
To configure Cisco ASA to forward syslog events, some manual configuration is required.
- Log in to the Cisco ASA device.
- Type the following command to access privileged EXEC mode:
- Type the following command to access global configuration
- Enable logging:
- Configure the logging details:
logging console warning
logging trap warning
logging asdm warning
Note: The Cisco ASA device can also be configured with logging trap informational to send additional events. However, this may increase the event rate (Events Per Second) of your device.
- Type the following command to configure logging to the QRadar® product:
logging host <interface> <IP address>
Where:
- <interface> is the name of the Cisco Adaptive Security Appliance interface.
- <IP address> is the IP address of the QRadar product.
Note: The show interfaces command displays all available interfaces for your Cisco device.
- Disable the output object name option:
Disable the output object name option to ensure that the logs use IP addresses and not the object names.
- Exit the configuration:
- Save the changes:
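
After saving, the running configuration can be checked against the steps above. The following Python check is an added example, not IBM or Cisco code. The function names and both sample configurations are constructed, and it assumes that logging enable and no names are the commands behind the "Enable logging" and "Disable the output object name option" steps, which this page does not show.

```python
import ipaddress
import re

# ASA severity keywords in order 0 (most severe) to 7 (most verbose).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

def level_of(token):
    """Map a severity number, keyword or unambiguous prefix to 0-7, else None."""
    if token.isdigit():
        return int(token) if int(token) <= 7 else None
    hits = [i for i, name in enumerate(LEVELS) if name.startswith(token)]
    return hits[0] if len(hits) == 1 else None

def is_ip(text, wanted):
    try:
        return ipaddress.ip_address(text) == wanted
    except ValueError:  # a hostname or object name instead of an address
        return False

def audit_asa_syslog(config, collector_ip):
    """Return findings for the forwarding steps; an empty list means all are in place."""
    lines = [ln.strip() for ln in config.splitlines()]
    wanted = ipaddress.ip_address(collector_ip)
    findings = []
    # Assumption: "logging enable" and "no names" are the commands behind the
    # "Enable logging" and "Disable the output object name option" steps.
    if "logging enable" not in lines:
        findings.append("logging is not enabled")
    if "no names" not in lines:
        findings.append("object names are not disabled")
    # The last "logging trap" line wins; levels below warning forward fewer events.
    traps = [m.group(1) for ln in lines if (m := re.fullmatch(r"logging trap (\S+)", ln))]
    level = level_of(traps[-1]) if traps else None
    if level is None or level < LEVELS.index("warnings"):
        findings.append("logging trap is unset or less verbose than warning")
    hosts = [m.group(1) for ln in lines if (m := re.match(r"logging host \S+ (\S+)", ln))]
    if not any(is_ip(h, wanted) for h in hosts):
        findings.append("no logging host entry for " + collector_ip)
    return findings

# Constructed sample configurations (not captured from a real device).
GOOD = """logging enable
logging console warning
logging trap warning
logging asdm warning
logging host inside 192.0.2.10
no names"""
BAD = "names\nlogging enable\nlogging trap errors\nlogging host inside 192.0.2.99"
```

Calling audit_asa_syslog(GOOD, "192.0.2.10") returns an empty list, while the BAD sample produces one finding each for object names, trap level and collector address.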