When setting up a Cisco ASA or PIX to send logs to a remote syslog server, you need to specify which facility to use. This can cause a bit of disconnect since the syslog server configuration uses names and the logging facility command in the Cisco Adaptive Security Appliance Software accepts only numbers. (Note: This is true of all ASA software versions up to and including 8.0(3), the most recent version at the time of this writing.)
Below is a chart mapping Cisco ASA facility numbers to syslog facility names.
| ASA / PIX Facility Number | Syslog Facility Name |
|---|---|
| 16 | LOCAL0 |
| 17 | LOCAL1 |
| 18 | LOCAL2 |
| 19 | LOCAL3 |
| 20 | LOCAL4 |
| 21 | LOCAL5 |
| 22 | LOCAL6 |
| 23 | LOCAL7 |
The default facility used by the Cisco ASA is 20 (LOCAL4).
Get Slaptijack updates delivered to your Inbox or RSS Reader for free!
Leave a Reply