In this blog, we are going to set up the VMware vRealize Log Insight content pack for a Cisco ASA device to capture syslog information. Setting up this pack gives us a central location for storing the logging information and a way to retain the data for longer periods of time.
Almost a year ago I moved from pfSense to a physical Cisco ASA firewall, and it was time to improve the visibility into the firewall rules that were blocking and allowing traffic in my network. This was a nice opportunity to configure VMware vRealize Log Insight with an additional content pack.
Environment
When I was writing this blog post I was using the following software releases:
- Cisco ASA Software Version 9.13(1)
- VMware vRealize Log Insight 8.1.0
- VMware vRealize Log Insight content pack for Cisco ASA 1.6
In essence, the procedure is the same for older and newer versions of Log Insight and a Cisco ASA.
Log Insight Content Pack
Let’s start by installing the Cisco ASA content pack on vRealize Log Insight. It can be found in the VMware marketplace that is available in the central VMware vRealize Log Insight interface.
Here is a screenshot with the location of where you can find the content pack:
Cisco ASA Configuration
Log in to your Cisco ASA firewall with a console or SSH session and configure the syslog settings as displayed below. Keep in mind this is an example configuration; change the config based on your needs!
Here is a basic configuration example:
config t
logging enable
logging timestamp
logging trap debugging
logging host %interface% %ip-address_syslog_facility%
exit
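As an added example (not part of the original post or of the content pack), the Python script below parses messages in the format the configuration above produces and tallies them per severity and per denied source, which shows how much of the volume `logging trap debugging` contributes. It assumes no `logging device-id` is set and the default syslog facility; the sample lines, addresses and ACL name are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the format an ASA sends with "logging timestamp".
# Assumption: default facility local4 (20), so PRI = 20 * 8 + severity.
SAMPLE = [
    '<164>Apr 12 2020 10:15:32: %ASA-4-106023: Deny tcp src outside:203.0.113.5/51234 dst inside:192.0.2.10/22 by access-group "outside_in" [0x0, 0x0]',
    '<164>Apr 12 2020 10:15:40: %ASA-4-106023: Deny udp src outside:203.0.113.5/40000 dst inside:192.0.2.10/161 by access-group "outside_in" [0x0, 0x0]',
    '<166>Apr 12 2020 10:16:01: %ASA-6-302013: Built outbound TCP connection 1001 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.0.2.20/50211 (192.0.2.20/50211)',
    '<167>Apr 12 2020 10:16:02: %ASA-7-609001: Built local-host inside:192.0.2.20',
    'not an ASA message',
]

HEADER = re.compile(  # <PRI>timestamp: %ASA-severity-msgid: text
    r'^<(?P<pri>\d{1,3})>(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): '
    r'%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$')
DENY = re.compile(    # body of message 106023 (packet denied by an ACL)
    r'^Deny (?P<proto>\S+) src (?P<sif>[^:]+):(?P<sip>[^/\s]+)(?:/(?P<sport>\d+))? '
    r'dst (?P<dif>[^:]+):(?P<dip>[^/\s]+)(?:/(?P<dport>\d+))? .*by access-group "(?P<acl>[^"]+)"')

def parse(line):
    """Return a dict for one ASA syslog line, or None if it does not match."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec['sev'] = int(rec['sev'])
    rec['facility'] = int(rec['pri']) >> 3  # PRI = facility * 8 + severity
    deny = DENY.match(rec['text']) if rec['msgid'] == '106023' else None
    rec['deny'] = deny.groupdict() if deny else None
    return rec

def summarize(lines):
    """Count messages per severity and ACL denies per (source IP, ACL name)."""
    by_sev, denies, unparsed = Counter(), Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            unparsed += 1  # wrong format: worth checking the logging settings
            continue
        by_sev[rec['sev']] += 1
        if rec['deny']:
            denies[(rec['deny']['sip'], rec['deny']['acl'])] += 1
    return by_sev, denies, unparsed

if __name__ == '__main__':
    by_sev, denies, unparsed = summarize(SAMPLE)
    print('per severity:', dict(by_sev), 'unparsed:', unparsed)
    print('top denied sources:', denies.most_common(5))
```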
To verify the status of the configuration, run the following commands:
### Show configuration and logging forwarding status
show logging
### View configuration
show run | grep logging
Here is an example output of my Cisco ASA:
Viewing information
After everything has been set up the dashboards will be populated with information received from the Cisco ASA.
Here are some screenshots from my environment:
Here are some useful examples of what kind of information you can expect from the Cisco ASA Content Pack for vRealize Log Insight. I personally think it is one of the best free content packs because the dashboards are really good at providing a lot of information with good solid diagrams.