Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Cisco FWSM

You can integrate Cisco Firewall Service Module (FWSM) with JSA.

The Cisco FWSM DSM for JSA accepts FWSM events by using syslog. JSA records all relevant Cisco FWSM events.

Configuring Cisco FWSM to Forward Syslog Events

To integrate Cisco FWSM with JSA, you must configure your Cisco FWSM appliances to forward syslog events to JSA.

  1. Use a console connection, telnet, or SSH, to log in to the Cisco FWSM.

  2. Enable logging:

    logging on

  3. Change the logging level:

    logging trap <level>

    Where <level> is set from levels 1-7. By default, the logging trap level is set to 3 (error).

  4. Designate JSA as a host to receive the messages:

    logging host [interface] ip_address [tcp[/port] | udp[/port]] [format emblem]

    For example:

    logging host dmz1 192.168.1.5

    Where 192.168.1.5 is the IP address of your JSA system.

    You are now ready to configure the log source in JSA.

Syslog Log Source Parameters for Cisco FWSM

If JSA does not automatically detect the log source, add a Cisco FWSM log source on the JSA Console by using the syslog protocol.

When using the syslog protocol, there are specific parameters that you must use.

The following table describes the parameters that require specific values to collect syslog events from Cisco FWSM:

Table 1: Syslog Parameters for the Cisco FWSM DSM

Parameter

Value

Log Source type

Cisco Firewall Services Module (FWSM)

Protocol Configuration

Syslog

Log Source Identifier

Type the IP address or host name for the log source.

The identifier helps you determine which events came from your Cisco FWSM device.