This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Troubleshooting CISCO Asa FW Event Source

ONaqellari
Contributor
Contributor

‎2020-06-25 07:36 AM

Hello,

Can anyone help me start troubleshooting cisco asa 5506 since i'm not getting any logs from it

All the configuration were done on the device

 

Thank You

0 Likes
2 REPLIES 2

KarimBenzina
Employee
Employee

‎2020-06-26 10:26 AM

Hi Ornaldo, 

I do have some questions in order to better help you troubleshoot the issue.

- Are you using syslog collection? 

- Are you sending the logs directly to a log decoder or though a VLC (remote collector)? (check that the syslog capture in the VLC or LD config is up and running)

- Can you check that you don't see any ASA logs in the UI? Example: device.ip=<ASA_IP> (if yu are using a syslog relay, you should search with the IP of the relay instead of the source)

if not,

- Can you check that the logs are really arriving on the NetWitness appliance (whether it is an LD or VLC) using tcpdump? Example: SSH to the LD or VLC and execute this: tcpdump -A -i any host <ASA_IP>

ONaqellari
Contributor
Contributor
In response to KarimBenzina

‎2020-08-31 04:46 AM

Hello. We have resolved. It was a missconfiguration on FW

© 2022 RSA Security LLC or its affiliates. All rights reserved.