disturbedone
Vendor
I'm relatively inexperienced with the ASA, so I'm wanting to find out what is possible with regards to historical logging. I use the real-time logging quite a bit to troubleshoot issues, but on rare occasions an event occurs and I need to look at a historical log to see what occurred at that time.
For example, yesterday some SMTP traffic was sent from something on our network that resulted in us getting onto a blacklist (luckily only one and that has since been removed). I know, from the blacklist details, that this traffic was last recorded at about 6am. But there's no way to go back in the ASA and see what occurred at that time - that makes sense, it would be impossible to store all that data.
So how can data be offloaded to another storage device so I can see the logs from, e.g., up to a week ago? I haven't had anything to do with syslog servers, but that looks like it's just errors/warnings etc. rather than complete traffic logs.
What is a good way to do this?