Getting syslog from Cisco 5585: how to segregate from traffic logs?

Support,
I need some help. I want syslog from the Cisco ASA 5585 to come to the SIEM, but the networking guy says he can configure the Cisco ASA 5585 to send both traffic and syslog together; there is no segregation. I don't want this to happen; I'm just interested in getting the syslog events. In almost every firewall e.g. Juniper to send only traffic logs.
If it's true what the networking guy says, it's a very poor design where there is high coupling between processes; if they are dependent and one is needed to get the other, what about if one thing fails?
I'm the sec guy, and I don't have the config guide about how the Cisco ASA works at that level; I will appreciate it if someone can verify or, better, suggest a workaround if one exists for this issue.
Thanks.

Hi,
So you have been told that some other traffic would also be sent through the interface? That should not be the case. I don't know why the ASA would need to send any traffic to your server other than UDP/514 port traffic. If I remember correctly, that is the UDP port used.
If I had to guess, there might be a little misunderstanding between you. They might mean that they are already sending logs to some Syslog server and the log level has been set so that the logs include all logs of connections forming through the ASA, and therefore would send you very specific logs about the ASA.
The logging level set for logs that are sent to a Syslog server applies to every target Syslog server. I don't think you can even specify different logging levels for different servers. But I might be mistaken.
But I am not sure what the situation is. Sounds a bit weird.
We use a dedicated interface on ASAs to send logs to the Syslog server. We might also use the link for some remote management connections and monitoring.
- Jouni
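
One way to do the separation on the collector side when the firewall sends everything in one syslog stream, as an added example that is not part of the original thread: split lines by ASA message ID before they reach the SIEM. The set of IDs treated as "traffic", the function names and the sample lines are assumptions constructed for illustration; the teardown values reuse the 302014 line quoted further down this page.

```python
import re

# ASA syslog lines carry a tag of the form %ASA-<severity>-<message id>: <text>
ASA_TAG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")

# Assumption: connection build/teardown messages are what counts as "traffic".
# 302013/302014 = TCP, 302015/302016 = UDP, 302020/302021 = ICMP.
TRAFFIC_IDS = {"302013", "302014", "302015", "302016", "302020", "302021"}

# Field layout of the TCP/UDP teardown text (message 302014 / 302016).
TEARDOWN = re.compile(
    r"Teardown (?P<proto>TCP|UDP) connection (?P<conn>\d+) for "
    r"(?P<for_if>[^:]+):(?P<for_ip>[^/]+)/(?P<for_port>\d+) to "
    r"(?P<to_if>[^:]+):(?P<to_ip>[^/]+)/(?P<to_port>\d+) "
    r"duration (?P<duration>\d+:\d+:\d+) bytes (?P<bytes>\d+)"
)

def classify(line):
    """Return (kind, record); kind is 'traffic', 'event' or 'unparsed'."""
    m = ASA_TAG.search(line)
    if not m:
        return ("unparsed", None)
    rec = {"severity": int(m["sev"]), "msgid": m["msgid"], "text": m["text"]}
    if rec["msgid"] in TRAFFIC_IDS:
        t = TEARDOWN.match(rec["text"])
        if t:  # enrich teardown records with per-connection fields
            rec.update(t.groupdict())
            rec["bytes"] = int(rec["bytes"])
        return ("traffic", rec)
    return ("event", rec)

def split_stream(lines):
    """Route each line to its bucket; unparsed lines are kept raw, not dropped."""
    out = {"traffic": [], "event": [], "unparsed": []}
    for line in lines:
        kind, rec = classify(line)
        out[kind].append(rec if rec is not None else line)
    return out

# Constructed sample input (not captured from a real device).
SAMPLE = [
    "<166>Nov 11 2010 18:07:33: %ASA-6-302014: Teardown TCP connection 986 for "
    "outside:218.30.82.201/80 to inside:192.168.1.2/1764 duration 0:10:01 bytes 619 FIN Timeout",
    "<166>Nov 11 2010 18:07:34: %ASA-6-302013: Built outbound TCP connection 987 for "
    "outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.168.1.2/1765 (192.168.1.2/1765)",
    "<165>Nov 11 2010 18:08:01: %ASA-5-111008: User 'admin' executed the 'write memory' command.",
    "<164>Nov 11 2010 18:08:10: %ASA-4-106023: Deny tcp src outside:198.51.100.7/4431 "
    "dst inside:192.168.1.2/22 by access-group \"outside_in\"",
    "line with no ASA tag",
]

if __name__ == "__main__":
    for kind, items in split_stream(SAMPLE).items():
        print(kind, len(items))
```

Keeping the unparsed bucket instead of discarding it means a format change on the firewall shows up as a growing count rather than as silently missing events.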

Similar Messages

  • [32282.000367] firefox:2114 freeing invalid memtype c02f2000-c0302000

    I get this from system log using latest version of Firefox:
    [32282.000367] firefox:2114 freeing invalid memtype c02f2000-c0302000
    What kind of problem is this?
    Anyway, Firefox seems to be working correctly. I would like to be sure that it isn't a security problem.

    Thanks a lot for your swift response. And sorry if it was a bit too hectic to go through my detailed query (which I did because it was misunderstood when I asked previously). As I've mentioned above, I was informed that updating to 5.0.1 would require me to delete the current version and then install the new one. And doing so will involve losing all my bookmarks. I guess I should have been more specific and detailed there. By losing, I didn't mean losing them forever. I'm aware that they're secured in some place and deleting and installing the software doesn't harm its existence. What I meant that if I install the new version, I'd have to delete the old one. And after installing the new version, I'd have to transfer them (bookmarks) back from wherever they are. Get it? When it updated from 3.6.9 to 3.6.13, and from 3.6.13 to 3.6.18, I didn't need to follow that process. They were already present on their own.
    BTW, I'm having no problems with 3.6.18 but after learning about the existence of version 5.0.1, I'm a bit too eager to lay my hands over it.
    Thanks for your help; hope this wasn't extremely long.

  • Need suggestion to get data from change log table of ODS.

    Hello,
    There is a case where i am loading opportunity header data from header ODS and opportunity item data from item ODS in the opportunity cube.
    Status (1= OPEN, 2= WON ETC) of the opportunity are available only in header ODS and not in item ODS.
    While loading data from header ODS to cube, I am loading it directly but while loading data from item ODS to cube i am using active data table of header ODS as a lookup in the update rule from item ODS to cube. I am selecting status from the active data table of header ODS while loading data from item ODS to cube.
    Since active data table will have only after image records, there is some data mismatch in the report as i am selecting data from active data table of header ODS while loading data from item ODS to cube.
    I need to select data from Change log in order to get before image also instead of active data table in order to overcome this issue. Is there any way by which i can do selection from Change log instead of active data table as change logs are generated at run time.
    Please let me know if you have any suggestions.
    Regards,
    Sanjay Chaurasia.

    Hi,
    You can use the changelog table of the DSO.
    Right click manage the Header DSO, go to the contents tab and click Change Log table. There you can see the technical name of the Change Log table.
    In the update rule Routine, give the tech name of Change log table instead of Active table name.
    Hope it helps.
    Krishna

  • ASA5505 how to record the traffic log

    Hello, everyone,
    I want to analyze the log from the ASA5505.
    I have configured the device to send the log to a syslog server,
    but I found the log seems like an event log; its format is like below:
    6|Nov 11 2010|18:07:33|302014|192.168.2.22|192.168.1.2|Teardown TCP connection 986 for outside:218.30.82.201/80 to inside:192.168.1.2/1764 duration 0:10:01 bytes 619 FIN Timeout
    I want to obtain the traffic log; it may contain each connection record's information, including sent bytes and received bytes, URL and so on...
    but I can't find out how to set up the device to let the ASA5505 record the traffic log.
    Can someone give some tips? Thanks in advance.

    Hi,
    You need to enable the Netflow protocol.
    Here are two documents related to Netflow for Cisco ASA:
    https://supportforums.cisco.com/docs/DOC-6114
    https://supportforums.cisco.com/docs/DOC-6113
    Best regards,
    Giorgos

  • ICWC: Getting messages from application log

    HI there,
    I'm trying to retrieve messages from the SAP GUI application log. Right now, the standard views do get the messages, but I have introduced a new viewset and view. These new viewsets and views do not seem to display the error messages.
    Any help is much appreciated.
    Cheers,
    J

    Hi Joshua,
        Application log messages do not appear by default in ICWC. Application developers have to add the appropriate messages in the global message container either in the GENIL implementation (where standard APIs are called) or in the UI of your custom-built views, wherever convenient.
      I hope this has given you some hints.
    Regards,
    Sudipta.

  • Keep getting errors from application log that indicates transaction log is full but it has plenty of space

    Dealing with a 3rd-party application that inserts into its log table, but watching SQL Profiler I see a ton of the same traffic. It's trying to insert into the table, but generates an error that mentions the transaction log for that DB is full.
    Well, earlier I had reset the recovery mode to simple, from full, since this is a test system and I don't really care about recovery.
    So the message mentions to check the log_reuse_wait_desc column in sys.databases, and there the value is 'CHECKPOINT'. At least at that point in time.
    There is plenty of space in the transaction log and the physical disk has plenty of space as well.
    What could be causing the error that seems to suggest the transaction log is full, when in fact it is not?

    What is the setup for autogrowth on the log file?
    Transaction log shrink:
    http://www.sqlusa.com/bestpractices2005/shrinklog/
    Kalman Toth Database & OLAP Architect
    SQL Server 2014 Design & Programming
    New Book / Kindle: Exam 70-461 Bootcamp: Querying Microsoft SQL Server 2012

  • How do u get help from apple support with iChat? I was able to chat with support last week to solve my problem but now the same issue is back and I don't see the option to chat now?

    How do u get help from apple support with iChat? I was able to chat with support last week to solve my problem but now the same issue is back and I don't see the option to chat now?

    For what it is worth I have noticed a similar issue from the iPad3 while at work and home. At work we have two Apple TV 3rd Generation installed and tied to our A/V system. I believe the issue has to do with a timeout on the broadcast saying "here I am" and allowing devices to connect.
    For example:
    At work we have several Wi-Fi SSID being broadcast from Cisco APs. The only one we can use with the Apple TV is the one that uses a WEP since the others are either setup to be hidden, require web page authentication, or have a login requirement from employees. Essentially, what I believe the issue is that the Apple TV periodically broadcasts a message to other iOS devices that support Mirroring. When the Apple TV does not get a response from a device it goes into a dormant mode and requires either a command from the remote control or a reboot. This has been tested with both the power management enabled and not enabled with the same results.
    As for when I come home, the Apple TV3 has not seen the device in some time and therefore is not broadcasting its location information. A simple click of the circle or menu keys on the remote will give it the command to start broadcasting again and allow the iPad3 to see the Apple TV. When trying to Home Share, the computer cannot play (iTunes 11, Win8RTM) until the Apple TV is awoken; then it will show up for mirroring.
    This may or may not assist you but, it hopefully explains how the issue may be happening.

  • HT1349 How do you get help from apple if you don't know where to find the serial number of my "product."  I don't know if they mean my itunes program, my iphone, my computer, which one, the number on the computer (is there one), or something in Windows or

    How are you supposed to get help from Apple if you don't know what your serial number is?  They say to input the serial number of the "product" that you are asking about.  Since my problem is how to deauthorize/authorize computers, and they are saying I have more than 5 (which I have never owned more than 5 computers in my life), I can't imagine what serial number they mean.  Does it mean your desktop computer?  If so, which one?  Do they mean your device?  LIke your iPhone, iPod or whatever?  Do they mean the software ON one of your computers and/or devices?  If so, which program, and on which computer/device?
    We have three operational computers, one does not have iTunes on it.  Since Apple is saying I have more than 5 authorized computers, and I can't imagine what they are, I am afraid to deauthorize all my computers.  See what I mean?  I just wanted to ask the question about how I can find out WHICH computers Apple thinks I have authorized, so I can decide if it's safe to deauthorize them all or not.  I only know of 2 computers that have iTunes on them, so how can there be 5?  We also have 2 iPhones and 2 iPods in this family, but one of the iPhones has his own apple id.  He may have been using mine, since his computer died.  I read that those don't count as "computers" to the 5.  Do they, then?
    Help!  I can't contact apple because I have no idea what they mean about serial number.  I doubt they would help me anyway.  In order to get the serial number off my desktop computer (that has iTunes on it already), I will have to move furniture, so I don't want to if that's not it.  Is there some way to find the serial number in the software, either on my desktop or my iPhone?

    sunshinecowgill wrote:
    We have three operational computers, one does not have iTunes on it.  Since Apple is saying I have more than 5 authorized computers, and I can't imagine what they are, I am afraid to deauthorize all my computers.  See what I mean?  I just wanted to ask the question about how I can find out WHICH computers Apple thinks I have authorized, so I can decide if it's safe to deauthorize them all or not. 
    You could have more than 5 computers authorized if you ever, for example, reformatted a hard drive or replaced a hard drive without deauthorizing the computer first. Apple's system would see that as a different computer, even though you don't. There's nothing to be afraid of in deauthorizing everything and then reauthorizing what you actually have. You won't lose any data. Mistimp is correct, they can't tell you which computers are authorized.

  • Is there another way of getting apps from the appstore without putting your credit card number in, ive heard about the itunes gift card thing can anybody just give me more info about that and how i can buy free things free things from the appstorepls help

    Is there another way of getting apps from the App Store without putting your credit card number in? I've heard about the iTunes gift card thing; can anybody just give me more info about that and how I can buy free things from the App Store... pls help as I'm only a teenager and have no credit card, and my parents don't trust me with theirs, and they don't care about the fact that you can set up a password... PLEASE SOMEONE HELP, I WILL BE SO GRATEFUL... And I would really like to get the iPhone 4, but if there is no way of getting apps without your credit card number then I would have to get a Samsung Galaxy S3 maybe...

    You can set up an Apple ID without a credit card.
    Create iTunes Store account without credit card - Support - Apple - http://support.apple.com/kb/ht2534

  • I have changed from an iPhone to a Sony but when my wife send a message on her IPhone it still gets sent as a iMessage how do I change the settings

    I have changed from an iPhone to a Sony but when my wife send a message it still gets sent as an iMessage how do I change the settings

    Hello, Vespa Boy125. 
    Thank you for visiting Apple Support Communities. 
    Here are the steps that you will need to process on your line to remove your number from iMessage. 
    iOS: Deactivating iMessage
    http://support.apple.com/kb/ts5185
    Cheers,
    Jason H. 

  • I keep getting calls from a block caller id and it's some dude speaking arabian what do i do? How do i stop this?

    I keep getting calls from a block caller id and it's some dude speaking arabian what do i do? How do i stop this?

    Stop answering calls with blocked numbers. If it's someone who really wants to talk to you, they'll leave you a message and you can call them back.

  • From two given tables, how do you fetch the values from two columns using values from one column(get values from col.A if col.A is not null and get values from col.B if col.A is null)?

    From two given tables, how do you fetch the values from two columns using values from one column(get values from col.A if col.A is not null and get values from col.B if col.A is null)?

    Hi,
    Use NVL or COALESCE:
    NVL (col_a, col_b)
    Returns col_a if col_a is not NULL; otherwise, it returns col_b.
    Col_a and col_b must have similar (if not identical) datatypes; for example, if col_a is a DATE, then col_b can be another DATE or it can be a TIMESTAMP, but it can't be a VARCHAR2.
    For more about NVL and COALESCE, see the SQL Language manual: http://docs.oracle.com/cd/E11882_01/server.112/e26088/functions119.htm#sthref1310
    I hope this answers your question.
    If not, post a little sample data (CREATE TABLE and INSERT statements, relevant columns only) for all tables involved, and also post the results you want from that data.
    Explain, using specific examples, how you get those results from that data.
    Always say which version of Oracle you're using (e.g., 11.2.0.2.0).
    See the forum FAQ: https://forums.oracle.com/message/9362002

  • How do I get pics from my photo stream to my desktop. They don't show up in iTunes or file mgr

    Somehow when I take pics they go into my photo stream and not my camera roll. First issue.
    When I hook up to iTunes on my Windows 7 computer, only the camera roll shows up.
    I don't know where to fix what file the pics go into, and I don't know how to get pics from the stream onto the camera roll or some other file.
    The same thing happens on my iPhone too, so I'm sure it's pilot error. There's a lot of "I don't know"s in this question.
    Thanks anybody for your help
    MChauncey

    Importing Personal Photos and videos from your iOS device to your computer.
    http://support.apple.com/kb/HT4083
     Cheers, Tom

  • How can I get values from listbox?

    Hi all,
    I need to get price values from Price List (Inventory -> Item Master Data screen). It's important to get values from field 'Price' BEFORE item will be added/updated.
    How can I get values from Pricelist listbox?
    Thanks for any suggestions or short sample code.
    Best regards,
    Andy

    Hi Andy
    Here is some sample code that will get the description of the price list and also the price that is displaying at the time. The item master must be open for this snippet of code.
      Public Sub GetItemPriceFromOpenWindow()
            'this is assuming item master is open
            Dim oEdit As SAPbouiCOM.EditText
            oEdit = SBO_Application.Forms.GetForm("150", 1).Items.Item("34").Specific
            SBO_Application.MessageBox(oEdit.Value)
            Dim oCmb As SAPbouiCOM.ComboBox
            oCmb = SBO_Application.Forms.GetForm("150", 1).Items.Item("24").Specific
            SBO_Application.MessageBox(oCmb.Selected.Description)
        End Sub
    Hope it helps

  • How to get values from a table(in jsp) for validation using javascript.

    hi,
    this is praveen,pls tell me the procedure to get values from a table(in jsp) for validation using javascript.
    thank you in advance.

    Yes i did try the same ..
    BEGIN
    select PROD_tYPE into :P185_OFF_CITY from
    magcrm_setup where atype = 'CITY' ;
    :p185_OFF_CITY := 'XXX';
    insert into mtest values ('inside foolter');
    END;
    When I checked the mtest table it shows me the row inserted...
    inside foolter .. Now this means everything did get executed properly.
    But still the value of off_city is null or empty...
    I checked the field and still it's empty..
    while mtest had those records.. seems like some process is cleaning the values... but I can't see such a process...
    a bit confused here.. I tried On Load, after footer...
    tried changing the sequence number of the process.. but still it doesn't help
    somehow the session variables get changed... and it is changed to empty
    Edited by: pauljohny on Jan 3, 2012 2:01 AM
    Edited by: pauljohny on Jan 3, 2012 2:03 AM
