https://community.cisco.com/t5/network-security/asa-syslog-stops-every-second-hour/m-p/2951228#M149157 <P>Hi,</P> <P></P> <P>Please take captures on the interface going to the Syslog server during the time of the issue.</P> <P></P> <P><G class="gr_ gr_118 gr-alert gr_gramm gr_run_anim Punctuation multiReplace" id="118" data-gr-id="118">Also</G> share the output of show logging queue of the ASA and show run logging.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> <P></P> Tue, 18 Oct 2016 05:43:50 GMT Aditya Ganjoo 2016-10-18T05:43:50Z https://community.cisco.com/t5/network-security/asa-syslog-stops-every-second-hour/m-p/2951227#M149156 <P>Hi,</P> <P>I have a Cisco ASA5510 running v8.4(7)30. &nbsp;I have it logging syslog messages to a Linux server.</P> <P>I have noticed that every second hour it stops logging for one hour. &nbsp;For example this morning there was a one hour gap between 04:32:09 and 05:32:11. &nbsp;Then there is another gap from 06:32:04 to 07:32:28. &nbsp;So I get one hour of logs, then one hour with no logs, then another hour of logs and so on.</P> <P>I've looked back and noticed that this has been happening since this line was added to the config:</P> <PRE class="prettyprint"><SPAN>same-security-traffic&nbsp;permit&nbsp;intra-interface</SPAN></PRE> <P><SPAN>It has just stopped again. &nbsp;I logged on to ASDM and I can still see log messages coming through there, but nothing on my syslog server.</SPAN></P> <P>On the console I type in show logging and it show this:</P> <PRE class="prettyprint">Trap logging: level informational, facility 20, <SPAN style="text-decoration: underline;">9966824</SPAN> messages logged<BR /> Logging to inside syslog</PRE> <P>I do it again and the number of messages is still incrementing.</P> <P>I have lots of switches and another ASA5512 logging to the same syslog server and I don't see this happening with any other device.</P> <P>Does anyone have any idea what's going on? &nbsp;It seems that most times when I need to watch the log, the logs are not being written.</P> <P></P> <P>Thanks</P> <P>David</P> Tue, 12 Mar 2019 08:24:39 GMT https://community.cisco.com/t5/network-security/asa-syslog-stops-every-second-hour/m-p/2951227#M149156 davidrkirk 2019-03-12T08:24:39Z https://community.cisco.com/t5/network-security/asa-syslog-stops-every-second-hour/m-p/2951228#M149157 <P>Hi,</P> <P></P> <P>Please take captures on the interface going to the Syslog server during the time of the issue.</P> <P></P> <P><G class="gr_ gr_118 gr-alert gr_gramm gr_run_anim Punctuation multiReplace" id="118" data-gr-id="118">Also</G> share the output of show logging queue of the ASA and show run logging.</P> <P></P> <P>Regards,</P> <P></P> <P>Aditya</P> <P></P> <P>Please rate helpful posts and mark correct answers.</P> <P></P> Tue, 18 Oct 2016 05:43:50 GMT https://community.cisco.com/t5/network-security/asa-syslog-stops-every-second-hour/m-p/2951228#M149157 Aditya Ganjoo 2016-10-18T05:43:50Z https://community.cisco.com/t5/network-security/asa-syslog-stops-every-second-hour/m-p/2951229#M149158 <P>Hi Aditya,</P> <P>I've done a tcpdump on the Linux server and can see the data is coming through, so the problem is not with the ASA.</P> <P>I've done some more investigation on the Linux side. &nbsp;The syslog server logs to "/var/log/hosts/$HOST/$HOST.log". &nbsp;So, it relies on being able to do a reverse dns lookup. &nbsp;The ASA has two names in dns - "firewall" and "vpn". &nbsp;Once I deleted the second hostname in the reverse zone it seems to be logging all messages.</P> <P>Thanks for your help</P> <P></P> <P>David</P> Tue, 18 Oct 2016 20:14:27 GMT https://community.cisco.com/t5/network-security/asa-syslog-stops-every-second-hour/m-p/2951229#M149158 davidrkirk 2016-10-18T20:14:27Z