topic Re: ASA, tracking, failover, notification in Network Security

ASA, tracking, failover, notification

scott.bridges — Mon, 11 Mar 2019 18:00:47 GMT

This was my original thread which is now working great (thanks!): https://supportforums.cisco.com/thread/2024835?tstart=0

I notice that when the main line goes down and the backup kicks in, it is transparent to the user, which is great. But one drawback is that I would never know (or delayed to know) when the main line went down.

Is there a way to setup SMTP notifications for this? I'm assuming some SMTP configuration and a syslog server (like Kiwi)?

Any tips appreciated.

Thanks

Re: ASA, tracking, failover, notification

Jennifer Halim — Thu, 17 Jun 2010 16:13:48 GMT

You can setup syslog and also send email when that particular syslog messages are getting triggered.

The syslog message ID for changes in the tracking is 622001:
http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4774896

Example:

logging list track-list message 622001

logging mail track-list

logging from-address

logging recipient-address

smtp-server

OR/ alternatively you can just send it to a syslog server (kiwi):

logging list track-list message 622001

logging trap track-list

Hope that helps.

Re: ASA, tracking, failover, notification

scott.bridges — Thu, 01 Jul 2010 19:21:46 GMT

Hello,

Thank you for your help and sorry for the delay.

I'm going with the first suggestion. Here is my config:

logging list track-list message 622001

logging list test message 111001

logging asdm informational

logging mail test

logging from-address firewall@company.com

logging recipient-address scott@company.com level errors

smtp-server 192.168.1.10

I initially created the "track-list" config, but did not receive an email when I unplugged the T1 (activating the failover). I then created the "test" list and assigned it to "111001". From what I read, this should send off an email whenever anything does a "write" command (write mem).

I am still not getting an email. Before I start troubleshooting with the SMTP server, is there any way I can make sure the ASA is generating the email?

Thank you!

Re: ASA, tracking, failover, notification

Jennifer Halim — Thu, 01 Jul 2010 23:23:59 GMT

As per this line of configuration:

logging recipient-address scott@company.com level errors

--> you'll be sending syslog with errors level (level 3) only, while the test list that you have configured for, ie: syslog# 11101 falls under notification level (level 5).

Also, please double check if logging has been turned on (show log), otherwise, the command to turn logging on is "logging enable".

To test the syslog mail, i would suggest a few things:

1) Change "logging mail test" to "logging mail 5", and also remove the "level errors" from the logging recipient-address command.

This will prove if you are getting any mails at all from the ASA.

2) If the above still does not give you any mails, you might want to run packet capture on the ASA interface where the mail server is connected to, to see if the ASA is even sending the email out. If it does, you might want to check your email server. If it doesn't, we might need to troubleshoot more on the syslog email portion.

3) If the above 1) works just fine, then you can tailor the syslog list accordingly.

topic Re: ASA, tracking, failover, *notification* in Network Security

ASA, tracking, failover, *notification*

Re: ASA, tracking, failover, *notification*

Re: ASA, tracking, failover, *notification*

Re: ASA, tracking, failover, *notification*

topic Re: ASA, tracking, failover, notification in Network Security

ASA, tracking, failover, notification

Re: ASA, tracking, failover, notification

Re: ASA, tracking, failover, notification

Re: ASA, tracking, failover, notification