Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1299
Views
0
Helpful
1
Replies

Syslog Messages106006

Umair Yaseen
Level 1
Level 1

‎09-19-2019 12:05 PM

On ASA 8.2 I am receiving bulk error notifications about 32K error messages in few hours for the syslog event ID 106006 The Message is as below ""Deny inbound UDP from 10.107.0.32/56506 to 10.113.13.67/514 on interface inside"" Someone please explain in details about above message and how can I stop this? As per my knowledge 10.107.0.32 IP is outside host & is trying to access inside host 10.113.13.67 ***Please also note that there is no host with the IP 10.113.13.67 inside our LAN
Labels:
Preview file
92 KB
0 Helpful
1 Reply 1

Seb Rupik
VIP Alumni
VIP Alumni

‎09-19-2019 12:43 PM

Hi there,

This message is simply telling you that no security policy (ie ACL) has been configured to permit this traffic, so it is being dropped.

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs1.html#con_4768882

 

You can filter out these messages with the following config command:

no logging message 106006

Since you say you are seeing a great deal of these messages, I suggest you track down 10.107.0.32 (it is a private address so should reside somewhere on your company network) and determine why it is trying to reach 10.113.13.67 ? Is 10.113.13.67 a syslog server that should be receiving logs from 10.107.0.32, in which case perhaps you should explicitly permit the traffic though.

 

cheers,

Seb.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents