All firewalls have some type of logging feature, normally in the form of syslog capabilities, that documents the status of the firewall and how it handles various types of traffic. These logs can provide information such as source and destination IP addresses, port numbers, and protocols. This information can prove extremely valuable during incident response work or when troubleshooting connectivity problems.
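To show how those fields are used once the logs reach a collector, here is an added example (not part of the original text) that extracts source, destination, port and protocol from ASA ACL-deny messages (message ID 106023) and counts denies per flow. The log lines, addresses, interface names and ACL name are constructed, and `parse_denies` and `top_denied_flows` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample lines; the deny entries follow the %ASA-4-106023 layout.
# Addresses, interface names and the ACL name are made up for this example.
SAMPLE_LOG = """\
<164>Mar 03 2024 10:15:01: %ASA-4-106023: Deny tcp src outside:198.51.100.7/51544 dst inside:10.10.1.20/502 by access-group "outside_in" [0x0, 0x0]
<164>Mar 03 2024 10:15:02: %ASA-4-106023: Deny tcp src outside:198.51.100.7/51545 dst inside:10.10.1.21/502 by access-group "outside_in" [0x0, 0x0]
<164>Mar 03 2024 10:15:09: %ASA-4-106023: Deny udp src outside:203.0.113.9/40000 dst inside:10.10.1.20/161 by access-group "outside_in" [0x0, 0x0]
<166>Mar 03 2024 10:15:10: %ASA-6-302013: Built inbound TCP connection 991 for outside:198.51.100.8/40112 (198.51.100.8/40112) to inside:10.10.1.5/443 (10.10.1.5/443)
<164>Mar 03 2024 10:15:11: %ASA-4-106023: Deny icmp src outside:203.0.113.9 dst inside:10.10.1.20 (type 8, code 0) by access-group "outside_in" [0x0, 0x0]
"""

# The port is optional because ICMP denies carry no /port suffix.
DENY_RE = re.compile(
    r"%ASA-(?P<severity>\d)-106023: Deny (?P<protocol>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)(?:/(?P<src_port>\d+))? "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)(?:/(?P<dst_port>\d+))?"
)


def parse_denies(text):
    """Return one dict per ACL-deny message; other message IDs are skipped."""
    events = []
    for line in text.splitlines():
        match = DENY_RE.search(line)
        if not match:
            continue
        event = match.groupdict()
        for key in ("src_port", "dst_port"):
            event[key] = int(event[key]) if event[key] is not None else None
        events.append(event)
    return events


def top_denied_flows(events):
    """Count denies per (source IP, protocol, destination port)."""
    return Counter((e["src_ip"], e["protocol"], e["dst_port"]) for e in events)


if __name__ == "__main__":
    flows = top_denied_flows(parse_denies(SAMPLE_LOG))
    for (src, proto, port), count in flows.most_common():
        print(f"{count:3d}  {src:15s} {proto}/{port}")
```
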
The following are instructions to set up the ASA firewalls of the ICS network to send events to the syslog service of our OSSIM server.