I have been trying to get cisco-asa 5512-X logs on OSSIM webserver lately. I can see the logs in /var/logs/cisco-asa.log file but no logs are displayed in SIEM security events. Events related to connection tear down are continuously updated in asset details section. I was checking the configuration file for ASA plugins which did not list ASA 5512-X as supported version. Could this be the problem? What else should I check? Pulling my hair out on this :(

  • Faiza,

    It sounds like the plugin may actually be working. You had mentioned that the events are showing up in the asset details section, which is the expected behavior. Events are attributed not to the host generating the events, but to the source and destination of the event itself. We double check to confirm, however. There are two things to look into here:

    1 - From the log location you provided, the plugin should not be enabled per asset, but as global. Have you enabled the Cisco ASA plugin on the Sensor as described here?

    2 - With that completed, if you move to the SIEM page and select the datasource for the ASA, do you see events generated?
