Configuring Cisco ASA reporting with ProxyInspector using syslog


You can collect firewall log files from any Cisco ASA device (the 5500 series: 5505, 5510, 5520, 5540, 5550 and 5580 models; the 5500-X series: 5506-X, 5508-X, 5512-X, 5515-X, 5516-X, 5525-X, 5545-X, 5555-X and 5585-X models; and the Cisco Adaptive Security Virtual Appliance (ASAv)) by using an external Syslog server. You can use any Syslog server for Linux or Windows, provided that it runs 24/7 and ProxyInspector can access the log files. The Cisco ASA Firewall log files contain a limited amount of information and do not allow you to fully use ProxyInspector’s powerful features (reports on search phrases, viewed videos, downloaded files, etc.), so we recommend that you use the Cisco ASA CX Module (for the 5500 series) or FirePower Services (for the 5500-X NGFW series) log files instead.

Enable logging for the Cisco ASA Firewall using Cisco ASDM

Go to Configuration | Device Management | Logging | Logging Setup and enable logging.

Set up syslog in Cisco ASDM

Go to Configuration | Device Management | Logging | Logging Filters and set the Syslog Servers filter to Informational.

Go to Configuration | Device Management | Logging | Syslog Servers and add your syslog server.

Configuring ProxyInspector for Cisco ASA reporting

You need to specify the path and file mask of the log files in ProxyInspector so that it can access them. Typically, this is a network path to a folder on the Syslog server. In the Enterprise Edition, set it in Settings | Domains and servers; in the Standard Edition, set it in Settings | Base settings.
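Before pointing ProxyInspector at the folder, it helps to confirm that the files on the Syslog server actually contain ASA messages at the Informational level configured above. The script below is an added example, not part of ProxyInspector or of the original article; the sample lines are constructed, and the timestamp and host prefix in front of the `%ASA-` tag are an assumption that depends on your Syslog server.

```python
import re
from collections import Counter

# ASA messages carry a "%ASA-<severity>-<message id>:" tag; severity 6 is Informational.
ASA_TAG = re.compile(r"%ASA-([0-7])-(\d{6}):")
INFORMATIONAL = 6

# Constructed sample lines (documentation addresses), as a Syslog server might store them.
SAMPLE_LOG = """\
Mar 12 10:15:01 192.0.2.1 %ASA-6-302013: Built outbound TCP connection 4711 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:10.0.0.25/51522 (10.0.0.25/51522)
Mar 12 10:15:04 192.0.2.1 %ASA-4-106023: Deny tcp src inside:10.0.0.31/50211 dst outside:203.0.113.9/25 by access-group "inside_in" [0x0, 0x0]
Mar 12 10:15:09 192.0.2.1 %ASA-6-302014: Teardown TCP connection 4711 for outside:198.51.100.7/443 to inside:10.0.0.25/51522 duration 0:00:08 bytes 18342 TCP FINs
Mar 12 10:15:10 192.0.2.1 last message repeated 2 times
"""

def summarize(lines):
    """Count ASA messages per severity and collect lines without an ASA tag."""
    per_severity = Counter()
    untagged = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        match = ASA_TAG.search(line)
        if match:
            per_severity[int(match.group(1))] += 1
        else:
            untagged.append(line)
    return per_severity, untagged

def check_logging_level(lines):
    """Return (ok, reason); ok means Informational messages reach the file."""
    per_severity, untagged = summarize(lines)
    if not per_severity:
        return False, "no %ASA- messages found; check the Syslog Servers entry"
    if per_severity[INFORMATIONAL] == 0:
        most_verbose = max(per_severity)
        return False, (f"most verbose severity seen is {most_verbose}; "
                       "the filter is stricter than Informational")
    return True, (f"{per_severity[INFORMATIONAL]} Informational messages, "
                  f"{len(untagged)} untagged lines")

if __name__ == "__main__":
    print(check_logging_level(SAMPLE_LOG.splitlines()))
```

To check a real file, pass its lines to `check_logging_level` instead of `SAMPLE_LOG.splitlines()`.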

Tags: Cisco ASA, ProxyInspector, SysLog