Include the Device ID in Non-EMBLEM Format Syslog Messages
You can configure the ASA to include a device ID in non-EMBLEM-format syslog messages. You can specify only one type of device ID for syslog messages. This procedure is referred to by these procedures:
-
Send ASA Syslog Events to the Cisco Cloud Using the Command Line Interface
-
Send ASA Syslog Events to the Cisco Cloud using a Security Cloud Control Macro
This device identifier will be reflected in the SensorID field of a syslog event displayed on the Event Logging page.
Procedure
Step 1 | Select the ASA whose syslog messages you want to assign a device-id to. | ||
Step 2 | In the Device Actions pane, click >_ Command Line Interface. | ||
Step 3 | Use this command syntax to issue the logging device-id commands to the device. logging device-id{ cluster-id| context-name| hostname| ipaddressinterface_name[ system]| stringtext} Example:
The context-name keyword indicates that the name of the current context should be used as the device ID (applies to multiple context mode only). If you enable the logging device ID for the admin context in multiple context mode, messages that originate in the system execution space use a device ID of system, and messages that originate in the admin context use the name of the admin context as the device ID.
The cluster-id keyword specifies the unique name in the boot configuration of an individual ASA unit in the cluster as the device ID. The hostname keyword specifies that the hostname of the ASA should be used as the device ID. The ipaddress interface_name keyword-argument pair specifies that the interface IP address specified as interface_name should be used as the device ID. If you use the ipaddress keyword, the device ID becomes the specified ASA interface IP address, regardless of the interface from which the syslog message is sent. In the cluster environment, the system keyword dictates that the device ID becomes the system IP address on the interface. This keyword provides a single, consistent device ID for all syslog messages that are sent from the device. The string text keyword-argument pair specifies that the text string should be used as the device ID. The string can include as many as 16 characters. You cannot use blank spaces or any of the following characters:
| ||
Step 4 | Save your Changes to the Startup Config At the command prompt, type write memory. Example:
|