All,
If a Cisco ASA Firewall records a Syslog message in its logs, that syslog message is sent to LEM. Correct? While troubleshooting a network issue on a Cisco ASA, I looked at the ASA’s logs. They were a LOT of the following entry
: …%ASA-4-410001: Dropped UDP DNS reply from …
A change was made to correct this issue. However, using nDepth to search LEM, I cannot find any events for that message. Strange thing is I do see a TON of other events from the same ASA.
I would like to use LEM to help monitor this event by setting up a rule. However, I cannot find the event.
Any assistance would greatly be appreciated.
T.J.