This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Heath_Mote
Collaborator
4 hours ago

ASA Cisco Syslog to CP Issues

Has anyone seen issues with this setup after applying a hotfix? We applied R81.10 take 150 to our management server which is out logging server about a month ago. We recently noticed our Cisco ASA syslogs we used to have showing up in SC have stopped. We tracked it back to the install of take 150 hotfix install.  

Our personnel that set this up eventually is no longer on the team but when trying to troubleshoot I looked over sk55020 which looks to be the one needed for this setup to work. When looking in the $FWDIR/bin I don't find any .ini or .c files which show to be the location of the files needed for the syslog parsing.

I just wanted to post here to see if anyone has seen this in their environment. We double-checked and our Cisco ASA is still sending syslog messages to the server but these aren't getting parsed into the SC logs anymore.

0 Kudos
1 Reply
PhoneBoy
Admin
Admin
4 hours ago

Those files are definitely needed to turn the Cisco ASA logs into something meaningful in SmartView.
You may want to check a backup to see if those files still exist.
This might also require a TAC case: https://help.checkpoint.com 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events