Our Integration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we shall get it updated.
Samurai [Local] Collector
|Samurai [Cloud] Collector|
|Cisco Secure Firewall (ASA Appliances)||
This guide describes the steps required to configure Cisco Secure Firewall (ASA Appliances) to send logs to a Samurai XDR Local Collector deployed on your network. Your Cisco appliances require access to the Local Collector via syslog on port 514/UDP.
To complete this Integration you will need to:
1) From your Cisco Firewall:
Perform the following steps to configure syslog:
1. Log in to the Cisco ASA
2. From the command line specify the following commands to setup logging:
logging trap debugging
logging queue 1024
logging host [interface name] [Local Collector IP Address]
[interface name] is the name of the interface closest/routable to the Local Collector, and
[Local Collector IP Address ] is the IP address of the Samurai XDR Local Collector deployed on your
For further information from Cisco on CLI configuration you can refer to Cisco ASA Series General Operations CLI Configuration Guide.
For integrations that utilize a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai XDR Application as we auto detect the vendor and product. The only reason you need to use the Samurai XDR Application is if you need to determine the Local Collector IP address. Of course you will still need to ensure the integration is functioning! See Integrations for more information on checking status.