topic Re: ASA firewall doesn't send logs to syslog server in Network Security

ASA firewall doesn't send logs to syslog server

Mehrzad Sharifi — Sun, 12 Mar 2023 13:50:24 GMT

Hi., I have a problem. my ASA firewall doesn't send traffic to syslog server for UDP 514. however, it seems it works on other ports because I can see the checkpoint firewall showing the flow as it is the next hope.
we have two syslog server. it doesn't log on one but sometimes it works on the other one.,
it used to work but it stopped working
I increased the size to 1024 and reload the device, didn't help. just the drops disappeared. can somebody help please?

no logging hide username
logging buffer-size 1048576
logging asdm-buffer-size 512
logging monitor informational
logging buffered debugging
logging trap informational
logging history informational
logging asdm emergencies
logging queue 1024
logging device-id hostname
logging host management x.x.x.x.
logging host management x.x.x.x.
logging debug-trace
logging flash-minimum-free 3076
logging flash-maximum-allocation 51200

----------

Logging Queue length limit : 1024 msg(s)
0 msg(s) discarded due to queue overflow
0 msg(s) discarded due to memory allocation failure
Current 0 msg on queue, 976 msgs most on queue
---------------
capture shows the packet is being sent:
1: 14:51:12.826754 0050.56ab.21cd 0050.569c.0624 0x0800 Length: 345
ASA Firewall ip.514 > 1st syslog server.514: [udp sum ok] udp 303 (ttl 255, id 32544)
2: 14:51:12.826754 0050.56ab.21cd 0050.569c.0624 0x0800 Length: 345
ASA Firewall ip.514 > 2st syslog server.514: [udp sum ok] udp 303 (ttl 255, id 4313)

___________________
Cisco Adaptive Security Appliance Software Version 9.16(2)14
SSP Operating System Version 2.10(1.182)
Device Manager Version 7.17(1)152
REST API Agent Version 7.16.1.75

Re: ASA firewall doesn't send logs to syslog server

MHM Cisco World — Sun, 12 Mar 2023 14:50:18 GMT

logging host interface_name ip_address [tcp[/port] | udp[/port]] [format emblem]

config UDP/TCP port and host IP and interface that ASA use to connect to host.

Re: ASA firewall doesn't send logs to syslog server

Mehrzad Sharifi — Sun, 12 Mar 2023 14:05:29 GMT

Hi, Thanks for repling,
As you can see above , it is configured like this :
logging host management x.x.x.x.
logging host management x.x.x.x.
and I can see in ASDM that port 514 is configured for it, so I don't think this is the solution

Re: ASA firewall doesn't send logs to syslog server

MHM Cisco World — Sun, 12 Mar 2023 14:53:15 GMT

are you sure server listen to UDP 514 ? ore it use different UDP port or use TCP port?
try

ping [if_name] host [repeat count] [timeout seconds] [data pattern] [size bytes] [validate]

ping to log server using management interface. check the reachability

Re: ASA firewall doesn't send logs to syslog server

Mehrzad Sharifi — Mon, 13 Mar 2023 11:00:19 GMT

yes, it is reachable. the interesting part is sometimes it works and sometimes it doesn't, so connectivity is totally fine,