It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda XDR

Setting up Cisco Adaptive Security Appliance (ASA) Collector

  • Last updated on


This setup is for the XDR Collector only. If you are using a physical or virtual sensor, refer to Integrating a Cisco Adaptive Security Appliance.

  • Enable Cisco Adaptive Security Appliance (ASA) Collector
  • Install the XDR Collector
  • Configure the Firewall
  • Open the Port on the XDR Collector Host
Enable the Cisco Adaptive Security Appliance (ASA) Collector
  1. In Barracuda XDR Dashboard, navigate to Administration >  Integrations.
  2. On the Cisco Adaptive Security Appliance card, click Setup.
    2024-02-29_11-20-17.png
  3. Select the Enable check box.
    CiscoASACollectorEdit.png
  4. Click Save.

Install the XDR Collector

When collecting logs from one or more integrated data sources, always set up the XDR Collector on a dedicated host server. Don't use an existing server because the amount of data produced by logs can impact critical infrastructure.

Configure the Firewall

Syslog servers can be defined in the Cisco Adaptive Security Appliance (ASA) Collector. Choose Configuration > Device Management > Logging > Syslog Servers.

  1. Click Add a syslog server and enter the following:
    • Specify the interface that the server is associated with.
    • IP Address: The static IP address of the system hosting the XDR Collector.
    • Specify the protocol: UDP
    • UDP port: 9220
  2. Click OK.

You can find more documentation at the following:

Open the Port on the XDR Collector Host

Ensure incoming traffic is allowed on UDP port 9220.

Linux

sudo ufw allow 9220/udp

Windows

netsh advfirewall firewall add rule name="Cisco ASA Firewall Events" dir=in action=allow protocol=UDP localport=9220