When setting up a Cisco ASA or PIX to send logs to a remote syslog server, you need to specify which facility to use. This can cause a bit of disconnect since the syslog server configuration uses names and the logging facility command in the Cisco Adaptive Security Appliance Software accepts only numbers. (Note: This is true of all ASA software versions up to and including 8.0(3), the most recent version at the time of this writing.)

Below is a chart mapping Cisco ASA facility numbers to syslog facility names.

ASA / PIX Facility Number Syslog Facility Name

---

16 LOCAL0 17 LOCAL1 18 LOCAL2 19 LOCAL3 20 LOCAL4 21 LOCAL5 22 LOCAL6 23 LOCAL7

The default facility used by the Cisco ASA is 20 (LOCAL4).