8/18/2019 AlienVault Device Integration Cisco ASA
Copyright© 2014 AlienVault. All rights reserved.
AlienVault Unified Security Management™ Solution
Complete. Simple. Affordable
Device Integration: Cisco ASA
AlienVault™, AlienVault Unified Security Management™, AlienVault USM™, AlienVault Open Threat Exchange™, AlienVault OTX™, Open Threat Exchange™, AlienVault OTX Reputation
Monitor™, AlienVault OTX Reputation Monitor Alert™, AlienVault OSSIM™ and OSSIM™ are trademarks or service marks of AlienVault.
DC-00102 Edition 02 Copyright© 2014 AlienVault. All rights reserved. Page 3 of 5
CONTENTS
1. INTRODUCTION
2. CISCO ASA DATA INFORMATION
3. CONFIGURING CISCO ASA TO SEND LOG DATA TO ALIENVAULT
4. HOW TO ENABLE THIS PLUGIN
1. INTRODUCTION
The objective of this document is to explain how to configure a Cisco ASA device to send log data to AlienVault USM.
This document is related to the AlienVault document “Data Source Plugin Management”. The explanation about how to enable plugins can be found in that document.
2. CISCO ASA DATA INFORMATION
Device Name: ASA
Device Vendor: Cisco
Device Type: UTM
Data Source Name: cisco-asa
Connection Type: Syslog
Data Source ID: 1636
3. CONFIGURING CISCO ASA TO SEND LOG DATA TO ALIENVAULT
Cisco ASA must be configured to send log data to an AlienVault Sensor over the syslog
protocol.
Pre-Requisites:
IP Address of the AlienVault Sensor or All-in-One
1. Connect to the ASA box with Telnet or SSH and enter enable mode to begin configuration.
enable
2. Enter the configure mode by typing the following command:
config terminal
3. Type the following lines:
no logging timestamp
logging trap notification
logging host inside <IP_Address_AlienVault_Sensor>
4. Press Ctrl+Z to exit config mode.
5. Save the configuration changes:
copy running-config startup-config
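The steps above leave the ASA sending messages of severity 0 to 5 (notification) with no device timestamp. The following Python check is an added example, not part of the AlienVault document or plugin: it validates payloads received on the Sensor against that configuration. The payload layout, the default local4 facility (20) and the sample lines are assumptions constructed for illustration.

```python
import re

# Values implied by the steps above. The facility is an assumption:
# local4 (20) is used unless "logging facility" was changed on the ASA.
TRAP_LEVEL = 5          # "logging trap notification" -> severities 0..5
EXPECTED_FACILITY = 20  # assumption: default local4

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<prefix>.*?)"
    r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$"
)

def check_asa_line(raw):
    """Return (fields, problems) for one received syslog payload."""
    m = LINE_RE.match(raw.strip())
    if not m:
        return None, ["not an ASA syslog message"]
    pri, sev = int(m["pri"]), int(m["sev"])
    facility, pri_sev = divmod(pri, 8)  # PRI = facility * 8 + severity
    problems = []
    if pri_sev != sev:
        problems.append("PRI severity %d != tag severity %d" % (pri_sev, sev))
    if facility != EXPECTED_FACILITY:
        problems.append("unexpected facility %d" % facility)
    if sev > TRAP_LEVEL:
        problems.append("severity %d above trap level" % sev)
    prefix = m["prefix"].strip()
    if prefix:  # "no logging timestamp" should leave nothing before %ASA-
        problems.append("unexpected prefix %r" % prefix)
    fields = {"facility": facility, "severity": sev,
              "msgid": m["msgid"], "text": m["text"]}
    return fields, problems

# Constructed sample payloads (not captured from a real device).
SAMPLES = [
    "<165>%ASA-5-111008: User 'admin' executed the 'logging trap notification' command.",
    "<166>%ASA-6-302013: Built outbound TCP connection 1 for outside:198.51.100.7/443",
    "<164>Aug 18 2019 10:00:00: %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444",
    "<13>sshd[411]: Accepted password for root",
]

def summarize(samples=SAMPLES):
    """Problem list for each sample, in order."""
    return [check_asa_line(s)[1] for s in samples]

if __name__ == "__main__":
    for line, problems in zip(SAMPLES, summarize()):
        print("OK " if not problems else "BAD", problems, "|", line[:60])
```

A line flagged for severity or prefix indicates that the running configuration on the ASA differs from the steps in this section.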
4. HOW TO ENABLE THIS PLUGIN
This plugin is already configured, but it must be enabled, either through the command-line console or through the web interface. Instructions for enabling this plugin can be found in the AlienVault document “Data Source Plugin Management”.
https://alienvault.bloomfire.com/posts/661002-plugins-management