04-12-2010 08:10 AM - edited 03-11-2019 10:31 AM
Hi Guys,
I am trying to enable some debug on an ASA5510 running 8.2(1) and want this debug sent to a syslog server in a test environment. My current config is below -
logging enable
logging list test-ssh message 711001
logging buffer-size 10000
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap test-ssh
logging asdm warnings
logging host inside X.X.X.X
logging debug-trace
At the moment I am just testing this by trapping message 711001 (debug). This all works when I enter the command 'debug ssh' and the messages get sent to my syslog server. If I do a 'show debug' it shows -
ciscoasa# sh deb
debug ssh enabled at level 255
The problem I am having is that as soon as I close my SSH session the debug command is completely removed and hence I stop receiving syslog. If I connect to the ASA again and do a 'show debug' there is nothing enabled.
Is there a way to enable a debug command permanently so that I can continue to receive the syslog message once the SSH session has been closed?
Regards,
Paul.
04-12-2010 08:14 AM
Hi,
You're saying that you do the command:
sh debug
And you see this:
debug ssh enabled at level 255
And when you close the SSH session it goes away?
Sh debug shows nothing?
Question:
When you close the SSH session, how do you log in to the ASA? Do you have another connection, or do you connect back in?
Federico.
04-12-2010 08:18 AM
Hi,
I am closing the SSH session, I have no other active open sessions and then I start a new SSH session to connect back in.
When I now do a sh debug it shows nothing -
ciscoasa# sh deb
ciscoasa#
Thanks,
Paul.
04-12-2010 08:22 AM
I just did it as a test and I got the same result!
Do you still get the debug log on the syslog server?
Federico.
04-12-2010 08:25 AM
Hi,
No, the debug output on the syslog server stops as soon as I close my session.
Paul.
04-12-2010 08:32 AM
Are you getting this message on the ASA:
ASA(config)# debug ssh
INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session
debug ssh enabled at level 1
Federico.
04-12-2010 08:38 AM
Yes -
ciscoasa# deb ssh
INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session
debug ssh enabled at level 1
ciscoasa#
Just to make sure I have also removed my message filter in case this was causing an issue. My config is now -
ciscoasa# sh run logging
logging enable
logging buffer-size 10000
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap debugging
logging asdm warnings
logging host inside X.X.X.X
logging debug-trace
logging permit-hostdown
Paul.
04-12-2010 08:42 AM
Actually if you remove all logging commands:
clear config log
You get the same results.
This does not only happen with debug ssh, correct?
For example, if you configure any other debug as well, the same thing happens, correct?
Federico.
04-12-2010 08:46 AM
Correct, if I configure any type of debug and then close the session the debug is removed. I have not been able to find any information about this as to whether it is expected behaviour or if there is a way around it.
Paul.
04-12-2010 08:59 AM
It seems the debugs are session specific.
It means that it is expected behavior that, after disconnecting from an SSH session, you no longer see the debug enabled.
The thing is that the logging debug-trace should keep sending the debugs to the syslog server.
Can you confirm that those messages are logged to the syslog server, but they stop appearing on the syslog server after disconnecting the SSH session?
Federico.
04-13-2010 12:58 AM
Yes the debug messages are logged to the syslog server but as soon as I disconnect my SSH session I stop receiving the debug.
Paul.
04-13-2010 07:19 AM
I have just opened a case with Cisco TAC to enquire about this and they have confirmed it is currently expected behaviour that debug is session based. As soon as you close your session onto an ASA all debug from your session is removed.
In case it helps or anyone is interested, Cisco have a bug open to add this as a feature enhancement in future code - CSCse30168
Regards,
Paul.
04-12-2010 placeholder
Hi, in case someone would need to keep a debug active for a while, there is a workaround: set the anti-idle feature in your SSH client.
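Added example, not part of any post in this thread: because debug on the ASA is removed when the session that enabled it closes, the syslog server is the place to notice that the 711001 stream has gone quiet. The sketch below scans collector lines for message 711001 and reports silent intervals; the collector line format (ISO receive time, host, ASA message), the 5-minute threshold and the function names are assumptions.

```python
import re
from datetime import datetime, timedelta

# Assumed collector line format: ISO-8601 receive time, sending host, ASA message.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) %ASA-(?P<sev>\d)-(?P<id>\d{6}): (?P<text>.*)$")
DEBUG_TRACE_ID = "711001"  # ID that 'logging debug-trace' redirects debug output to

def debug_trace_times(lines):
    """Return receive times of 711001 messages, skipping lines that do not parse."""
    times = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group("id") == DEBUG_TRACE_ID:
            times.append(datetime.fromisoformat(m.group("ts")))
    return times

def find_silences(lines, now, max_gap=timedelta(minutes=5)):
    """Return (start, end) intervals longer than max_gap with no 711001 message.

    The last interval runs from the final message to 'now', which covers the
    case where the session that enabled the debug has been closed.
    """
    times = sorted(debug_trace_times(lines))
    if not times:
        return [(None, now)]
    points = times + [now]
    return [(a, b) for a, b in zip(points, points[1:]) if b - a > max_gap]

# Constructed sample input, not captured from a real device.
SAMPLE = [
    "2010-04-13T07:00:05 192.0.2.1 %ASA-7-711001: constructed debug text 1",
    "2010-04-13T07:01:10 192.0.2.1 %ASA-7-711001: constructed debug text 2",
    "2010-04-13T07:01:40 192.0.2.1 %ASA-6-605005: constructed non-debug message",
    "malformed line that the parser must skip",
    "2010-04-13T07:02:30 192.0.2.1 %ASA-7-711001: constructed debug text 3",
]

if __name__ == "__main__":
    for start, end in find_silences(SAMPLE, now=datetime(2010, 4, 13, 7, 30)):
        print(f"no 711001 messages between {start} and {end}")
```

A silence only shows that debug output stopped arriving; a quiet debug with nothing to report looks the same, so pick the threshold to suit the debug being collected.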