This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Heath
Collaborator
‎2024-08-16 03:09 PM
Jump to solution

ASA Cisco Syslog to CP Issues

Has anyone seen issues with this setup after applying a hotfix? We applied R81.10 take 150 to our management server which is out logging server about a month ago. We recently noticed our Cisco ASA syslogs we used to have showing up in SC have stopped. We tracked it back to the install of take 150 hotfix install.  

Our personnel that set this up eventually is no longer on the team but when trying to troubleshoot I looked over sk55020 which looks to be the one needed for this setup to work. When looking in the $FWDIR/bin I don't find any .ini or .c files which show to be the location of the files needed for the syslog parsing.

I just wanted to post here to see if anyone has seen this in their environment. We double-checked and our Cisco ASA is still sending syslog messages to the server but these aren't getting parsed into the SC logs anymore.

0 Kudos
1 Solution

Accepted Solutions
Heath
Collaborator
‎2024-11-11 03:10 PM
Jump to solution

Come to find out we had an issue with our syslog daemon starting on our CP Management/Logging server. Once that was tracked down and resolved via TAC ticket the Cisco ASA syslogs were parsed without any issue into SmartLog.

Cisco ASA syslog parsing is built-in.

View solution in original post

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2024-08-16 03:42 PM
Jump to solution

Those files are definitely needed to turn the Cisco ASA logs into something meaningful in SmartView.
You may want to check a backup to see if those files still exist.
This might also require a TAC case: https://help.checkpoint.com 

0 Kudos
Heath
Collaborator
‎2024-11-11 03:10 PM
Jump to solution

Come to find out we had an issue with our syslog daemon starting on our CP Management/Logging server. Once that was tracked down and resolved via TAC ticket the Cisco ASA syslogs were parsed without any issue into SmartLog.

Cisco ASA syslog parsing is built-in.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    li.common.scroll-to.top