Skip to main content

 

 

Cisco Defense Orchestrator

Include the Device ID in Non-EMBLEM Format Syslog Messages

You can configure the ASA to include a device ID in non-EMBLEM-format syslog messages. You can specify only one type of device ID for syslog messages. This procedure is referred to by these procedures: 

Procedure 

This device identifier will be reflected in the SensorID field of a syslog event displayed on the Event Logging page.

  1. Select the ASA whose syslog messages you want to assign a device-id to. 
  2. In the Device Actions pane, click >_ Command Line Interface.
  3. Use this command syntax to issue the logging device-id commands to the device. 

logging device-id {cluster-id | context-name | hostname | ipaddress interface_name [system] | string text}

Example:

> logging device-id hostname
> logging device-id context-name
> logging device-id string Cambridge

The context-name keyword indicates that the name of the current context should be used as the device ID (applies to multiple context mode only). If you enable the logging device ID for the admin context in multiple context mode, messages that originate in the system execution space use a device ID of system, and messages that originate in the admin context use the name of the admin context as the device ID.

Note: In an ASA cluster, always use the primary unit IP address for the selected interface.

The cluster-id keyword specifies the unique name in the boot configuration of an individual ASA unit in the cluster as the device ID.

The hostname keyword specifies that the hostname of the ASA should be used as the device ID.

The ipaddress interface_name keyword-argument pair specifies that the interface IP address specified as interface_name should be used as the device ID. If you use the ipaddress keyword, the device ID becomes the specified ASA interface IP address, regardless of the interface from which the syslog message is sent. In the cluster environment, the system keyword dictates that the device ID becomes the system IP address on the interface. This keyword provides a single, consistent device ID for all syslog messages that are sent from the device.

The string text keyword-argument pair specifies that the text string should be used as the device ID. The string can include as many as 16 characters.

You cannot use blank spaces or any of the following characters:

  • & (ampersand)
  • ‘ (single quote)
  • “ (double quote)
  • < (less than)
  • > (greater than)
  • ? (question mark)
  1. Save your Changes to the Startup Config

At the command prompt, type write memory

Example:

> write memory
  • Was this article helpful?