Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Cisco ACE Firewall

The JSA DSM for Cisco ACE Firewall collects syslog events from a Cisco ACE Firewall device.

JSA accepts events that are forwarded from Cisco ACE Firewall by using the Syslog protocol. JSA records all relevant events. Before you configure JSA to integrate with an ACE firewall, you must configure your Cisco ACE Firewall to forward all device logs to JSA.

Configuring Cisco ACE Firewall

Before you can collect Cisco ACE Firewall logs in JSA, you must forward Cisco ACE device logs to JSA.

  1. Log in to your Cisco ACE device.

  2. From the Shell Interface, select Main Menu >Advanced Options >Syslog Configuration.

  3. The Syslog Configuration menu varies depending on whether there are any syslog destination hosts configured yet. If no syslog destinations are configured, create one by selecting the Add First Server option. Click OK.

  4. Type the host name or IP address of the destination host and port in the First Syslog Server field. Click OK.

    The system restarts with new settings. When finished, the Syslog server window displays the host that is configured.

  5. Click OK.

    The Syslog Configuration menu is displayed. Notice that options for editing the server configuration, removing the server, or adding a second server are now available.

  6. If you want to add another server, click Add Second Server.

    At any time, click the View Syslog options to view existing server configurations.

  7. To return to the Advanced menu, click Return.

    The configuration is complete. The log source is added to JSA as Cisco ACE Firewall events are automatically discovered. Events that are forwarded to JSA by Cisco ACE Firewall appliances are displayed on the Log Activity tab of JSA.

Syslog Log Source Parameters for Cisco ACE Firewall

If JSA does not automatically detect the log source, add a Cisco ACE Firewall log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Cisco ACE Firewall:

Table 1: Syslog Log Source Parameters for the Cisco ACE Firewall DSM

Parameter

Value

Log Source type

Cisco ACE Firewall

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco ACE Firewall.