Cloud log management service Papertrail. Minimal features are available for free, making it ideal for managing FW logs etc in home labs. Also, since it is not necessary to construct a syslog server, it is highly effective even in verification environments and the like.
Output FW log of Cisco ASA used as home lab to Papertrail.
Cisco ASA 5505: ASA9.3(2) No additional license
Setting up Papertrail
Papertrail does not require any special configuration to receive syslog. You can start using it just by user registration.
Click here Add your first system after logging in.
The syslog destination is displayed. In my case logs5.papertrailapp.com:18xxx destinations were specified. (Mask for security protection)
Cisco ASA FW syslog settings
As described in the previous image, procedures are described for OS such as Linux, Windows etc .. Because Cisco is not included in this, search from Not shown here? As described here, the log setting procedure of various network devices is described.
The content of the explanation is very simple, and the setting procedure of the FW log (syslog) destination is described.
logging enable logging host outside <host>.papertrailapp.com udp/11111 logging trap informational logging severity 5
As a caution, setting to send a large number of logs like
logging trap notification is deprecated. It is recommended to change to informational etc. after verifying the log.
It is recommended to use if rate-limit-logging is supported.
logging rate-limit 10 30 level debugging
Add setting to home ASA
I added the setting to home ASA (FW) by referring to the above. Basically you can add syslog settings as described. In my environment, trying to register as a host name resulted in an error.
ASA5505(config)# logging host outside ? configure mode commands/options: Hostname or A.B.C.D Specify the IP address or name of the syslog server. ASA5505(config)# logging host outside logs5.papertrailapp.com ? ERROR: % Unrecognized command
For this reason, confirm the DNS name resolution destination IP address and specify it by IP address. The protocol is indicated by protocol number 17 in running-config even if it is specified with udp.
logging host outside 126.96.36.199 17/18xxx
A new host is displayed in the Dashboard. By clicking this IP address you can check the log.
The Cisco ASA FW log (syslog) is displayed in Event. You can also search logs.
You can check the remaining capacity available for free use of Papertrail from Settings. The log can be searched for six days, and the past seven days can be acquired by archive.
Conclusion - Cisco ASA FW log (syslog) with Papertail
I started to manage the Cisco ASA FW log (syslog) with Papertrail. Since Papertrail can be used for free, it is considered useful in home laboratory testing environment.