cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

319
Views
35
Helpful
6
Replies
Highlighted
Beginner

ASA daily reboots

Hi there. I have two ASA5506Xs which have started rebooting daily. It appears to have started once I renewed their SSL certificates. However, everything SSL wise appears to be working fine. The two devices are connected by a network tunnel.

 

Thanks

6 REPLIES 6
Highlighted
VIP Advisor

Re: ASA daily reboots

Hi

Are you able to get logs of these devices to see what occurred before they reboot?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Highlighted
Beginner

Re: ASA daily reboots

Hi Francesco.

I have a syslog server setup but it doesn't record anything out of the ordinary before the reboots. I suspect that the buffer doesn't get written before the device goes offline. I guess I would just need to sit and manually monitor the logs going through to try and catch that or is there a better way? (should be doable as it happens at the same time each day).
Highlighted
Hall of Fame Guru

Re: ASA daily reboots

Is it the VPN going down or a verified reboot? If it's a reboot is there a crashinfo file being written to disk0?

What version of ASA software are you running?

Highlighted
Beginner

Re: ASA daily reboots

Hi Marvin. 
It's definitely a reboot, I have checked the uptimes for both devices and seen physically/had someone verify physically the device rebooting (status lights etc). I have attached the most recent crashinfo file for one of the devices. This device in particular is running ASA version 9.7(1)4.

Highlighted
Hall of Fame Guru

Re: ASA daily reboots

The only things that looked concerning in the crashinfo.txt were these:

Reading from flash...
!!!!!!!!!!!!WARNING: Enabling the logging ftp-bufferwrap feature could cause a 
         depletion of all available memory under high syslog 
         rates. Please adjust your buffered logging level 
         appropriately
*** Output from config line 463, "logging ftp-bufferwrap"

Are you using that command for a specific reason?

Also, we see the following:

A CPU hog that lasted more than 10 seconds was detected. In most cases this could have triggered a crash. Open a TAC case to diagnose this problem further

Process: Unicorn Proxy Thread, PROC_PC_TOTAL: 1, MAXHOG: 14362, LASTHOG: 14362
...
Process: Unicorn Proxy Thread, NUMHOG: 1, MAXHOG: 14362, LASTHOG: 14362
Highlighted
Beginner

Re: ASA daily reboots

Thanks Marvin!
In regards to the ftp-bufferwrap, I had been using that (in conjunction with an FTP server) to store critical logs. I had recently reduced the logging level to capture more informaiton to try and get more information about these errors. Interestingly though this was setup BEFORE we started getting these reboots.
And yeah that hog part doesn't look ideal. I guess it's off to Cisco support for me...