This guide helps device administrators configure their Cisco ASA firewalls to forward logs to the SIEM Collector. This is a push-based log collection method.
To configure Cisco ASA to forward syslog events:
- Log in to the Cisco ASA device.
- Type the following command to access privileged EXEC mode:
- Type the following command to access global configuration mode:
- Enable logging:
- Configure the logging details:
logging console warning
logging trap warning
logging asdm warning
- Type the following command to configure logging to IBM® QRadar®:
logging host <interface> <IP address>
<interface> is the name of the Cisco Adaptive Security Appliance interface.
<IP address> is the IP address of QRadar.
- Disable the output object name option:
Disable the output object name option to ensure that the logs use IP addresses and not the object names.
- Include the hostname in the syslog header:
logging device-id hostname
- Enable timestamp logging:
logging timestamp rfc5424
- Exit the configuration:
- Save the changes:
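
The steps above as one ASA CLI session, as an added example that is not part of the original guide. The commands the guide names but does not show (`enable`, `configure terminal`, `logging enable`, `no names`, `exit`, `write memory`) are standard ASA commands supplied here; the interface name `inside` and the address `192.0.2.10` are placeholders, and the closing `show logging` is an added verification step.

```cisco
! Added example. "inside" and 192.0.2.10 are placeholders: substitute the
! ASA interface that can reach the collector and the collector's address.

! Enter privileged EXEC mode, then global configuration mode
enable
configure terminal

! Turn logging on and set severity per destination (warning = level 4)
logging enable
logging console warning
logging trap warning
logging asdm warning

! Forward syslog to the collector through the named interface
logging host inside 192.0.2.10

! Log IP addresses instead of configured object names
no names

! Put the device hostname in every message so the SIEM can attribute
! events to this firewall
logging device-id hostname

! Emit RFC 5424 timestamps (as given in the guide; needs an ASA release
! that supports the rfc5424 keyword)
logging timestamp rfc5424

! Leave configuration mode and persist the running configuration
exit
write memory

! Check: confirm logging is enabled, the trap level is warning, and the
! collector appears as a logging host
show logging
```

`logging trap` sets the severity sent to the syslog host, so at `warning` only messages at levels 0 through 4 reach the collector; informational events such as connection build and teardown are not forwarded at this level.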