cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1696
Views
35
Helpful
6
Replies

ASA daily reboots

DStringfield
Level 1
Level 1

Hi there. I have two ASA5506Xs which have started rebooting daily. It appears to have started once I renewed their SSL certificates. However, everything SSL wise appears to be working fine. The two devices are connected by a network tunnel.

 

Thanks

6 Replies 6

Francesco Molino
VIP Alumni
VIP Alumni
Hi

Are you able to get logs of these devices to see what occurred before they reboot?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi Francesco.

I have a syslog server setup but it doesn't record anything out of the ordinary before the reboots. I suspect that the buffer doesn't get written before the device goes offline. I guess I would just need to sit and manually monitor the logs going through to try and catch that or is there a better way? (should be doable as it happens at the same time each day).

Is it the VPN going down or a verified reboot? If it's a reboot is there a crashinfo file being written to disk0?

What version of ASA software are you running?

Hi Marvin. 
It's definitely a reboot, I have checked the uptimes for both devices and seen physically/had someone verify physically the device rebooting (status lights etc). I have attached the most recent crashinfo file for one of the devices. This device in particular is running ASA version 9.7(1)4.

The only things that looked concerning in the crashinfo.txt were these:

Reading from flash...
!!!!!!!!!!!!WARNING: Enabling the logging ftp-bufferwrap feature could cause a 
         depletion of all available memory under high syslog 
         rates. Please adjust your buffered logging level 
         appropriately
*** Output from config line 463, "logging ftp-bufferwrap"

Are you using that command for a specific reason?

Also, we see the following:

A CPU hog that lasted more than 10 seconds was detected. In most cases this could have triggered a crash. Open a TAC case to diagnose this problem further

Process: Unicorn Proxy Thread, PROC_PC_TOTAL: 1, MAXHOG: 14362, LASTHOG: 14362
...
Process: Unicorn Proxy Thread, NUMHOG: 1, MAXHOG: 14362, LASTHOG: 14362

Thanks Marvin!
In regards to the ftp-bufferwrap, I had been using that (in conjunction with an FTP server) to store critical logs. I had recently reduced the logging level to capture more informaiton to try and get more information about these errors. Interestingly though this was setup BEFORE we started getting these reboots.
And yeah that hog part doesn't look ideal. I guess it's off to Cisco support for me...
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: