52-20
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 52 Configuring Logging Policies on Firewall Devices
Defining Syslog Servers
Defining Syslog Servers
The Syslog Servers page lets you specify the syslog servers to which the security appliance will send
syslog messages. To make use of the syslog servers you define, you must enable logging using the
Logging Setup page and set up the appropriate filters for destinations using the Logging Filters page.
Tip If you want to view events from an ASA device using Security Manager Event Viewer, ensure that you
define the Security Manager server as a syslog server. Also, if you use CS-MARS or other applications
to manage syslog events, include those servers in this policy.
By directing syslog records generated by a security appliance to a syslog server, you can process and
study the records.
Before You Begin
Enable logging. See Configuring Logging Setup, page 52-9.
Related Topics
Syslog Servers Page, page 52-21
Add/Edit Syslog Server Dialog Box, page 52-22
Step 1 Select Platform > Logging > Syslog > Syslog Servers to display the Syslog Servers page.
Step 2 Do one of the following:
To add a new syslog target, click the Add Row button.
To edit an existing syslog target, select the check box for the row, then click the Edit Row button.
Step 3 Enter or select the interface name in the Interface field.
The list displays all interfaces defined at the current scope.
Step 4 Enter or select the IP address of the syslog server in the IP Address field.
Step 5 Determine whether to use UDP or TCP, then click the appropriate radio button under Protocol.
Step 6 Enter the port from which the security appliance sends either UDP or TCP syslog messages. The port
must be the same port on which the syslog server listens.
TCP—1470 (Default). TCP ports work only with a security appliance syslog server.
UDP—514 (Default).
Step 7 To generate syslog messages using the EMBLEM format, select the Log messages in Cisco EMBLEM
format check box.
To enable this option, you must select UDP protocol to publish messages to this syslog server.
Step 8 Click OK.
The definition appears in the Syslog Servers table.