12-18-2009 02:24 PM - edited 03-11-2019 09:50 AM
I have an ASA 5520 that I am trying to configure to send email alerts to my Exchange account. I have all the proper information and I've configured what I think to be the necessary parts but I still do not receive emails from the firewall. Any help?
logging enable
logging timestamp
logging standby
logging list LOGGING level informational
logging console emergencies
logging monitor critical
logging buffered informational
logging trap critical
logging history errors
logging asdm warnings
logging mail errors
logging from-address x.x.x@x.x.x.x
logging recipient-address x.x.x@x.x.x.x level errors
logging facility 23
logging queue 1000
logging host inside CISCOWKS
logging host inside x.x.x.x
logging host inside x.x.x.x
logging host inside x.x.x.x
logging debug-trace
no logging message 106015
no logging message 106011
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 304001
no logging message 302016
smtp-server x.x.x.x
12-18-2009 02:58 PM
Hi,
Are you getting logs on the syslog servers configured?
Is just the e-mail alert that is not getting to your e-mail account?
If so, are the from & recipient e-mail addresses sending and receiving any e-mail (properly configured)?
Cheers,
Federico.
12-18-2009 04:59 PM
The send and receive email addresses are properly configured. The syslog server, however, I cannot confirm at the moment if it is receiving syslog messages.
But right now my email account is not receiving logs.
12-18-2009 05:25 PM
Could you try this pls.
conf t
logging message 111008 level 3
exit
write mem
Now, see if you receive the message via e-mail. You are only logging error level to mail and there may not be many that are generated.
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1751895
hostname(config)# logging mail critical
hostname(config)# logging from-address ciscosecurityappliance@example.com
hostname(config)# logging recipient-address admin@example.com
hostname(config)# smtp-server pri-smtp-host sec-smtp-host
-KS
12-18-2009 05:52 PM
KS,
I tried that but to no avail. Here's the current config now.
logging enable
logging timestamp
logging standby
logging list LOGGING level informational
logging console emergencies
logging monitor critical
logging buffered informational
logging trap critical
logging history errors
logging asdm warnings
logging mail critical
logging from-address admin@example.com
logging recipient-address admin@example.com level informational
logging recipient-address admin@example.com level errors
logging recipient-address admin@example.com level errors
logging facility 23
logging queue 1000
logging host inside CISCOWKS
logging host inside x.x.x.x
logging host inside x.x.x.x
logging host inside x.x.x.x
logging debug-trace
no logging message 106015
no logging message 106011
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 304001
no logging message 302016
logging message 111008 level errors
12-18-2009 05:57 PM
Now your logging mail shows critical. It showed errors before.
Change it to errors pls.
conf t
logging mail errors
Issue a wri mem and see if it sends you the 111009 syslog via e-mail.
-KS
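An added example (not part of KS's post or of Cisco's documentation): a small Python check that reads an ASA logging configuration, confirms the e-mail logging commands quoted earlier in the thread are present, and flags a `logging message ... level` override that is less severe than the `logging mail` level. The function names, sample configurations and addresses are constructed for illustration.

```python
import re

# ASA syslog severity names and numbers (0 is the most severe).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Commands from the Cisco e-mail logging example quoted in the thread, plus "logging enable".
REQUIRED = ("logging enable", "logging mail", "logging from-address",
            "logging recipient-address", "smtp-server")

def level(token):
    """Return the numeric level for a name or digit, or None if unknown."""
    return int(token) if token.isdigit() else SEVERITY.get(token)

def audit_mail_logging(config):
    """Report missing mail commands and overrides that will not be mailed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = [f"missing: {cmd}" for cmd in REQUIRED
                if not any(l == cmd or l.startswith(cmd + " ") for l in lines)]
    threshold, overrides, disabled = None, {}, set()
    for l in lines:
        if m := re.fullmatch(r"logging mail (\S+)", l):
            threshold = level(m.group(1))
        elif m := re.fullmatch(r"logging message (\d+) level (\S+)", l):
            overrides[m.group(1)] = level(m.group(2))
        elif m := re.fullmatch(r"no logging message (\d+)", l):
            disabled.add(m.group(1))
    mailed = []
    for msg_id, sev in sorted(overrides.items()):
        if threshold is None or sev is None or msg_id in disabled:
            continue
        if sev <= threshold:
            mailed.append(msg_id)
        else:
            findings.append(f"message {msg_id} is level {sev}, "
                            f"less severe than mail level {threshold}")
    return {"mail_level": threshold, "mailed": mailed, "findings": findings}

# Constructed sample configs (not taken from the thread).
BROKEN = """logging enable
logging mail critical
logging from-address asa@example.com
logging recipient-address admin@example.com
no logging message 302013
logging message 111008 level errors"""
FIXED = BROKEN.replace("mail critical", "mail errors") + "\nsmtp-server 192.0.2.25"

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_mail_logging(cfg))
```

A clean result only says the ASA side is configured to send; whether the mail server accepts and delivers the message still has to be checked on the server.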
12-18-2009 06:26 PM
KS,
I just made that change but still no email. Any other suggestions?
Arshad
12-18-2009 07:27 PM
Is the e-mail server accessible from the ASA itself?
Are the e-mails getting to the e-mail server and just not getting to your e-mail account?
You can try a capture to see if the ASA is sending e-mails to the server:
access-list 101 permit ip host IP_of_the_ASA host IP_of_the_e-mail_server
access-list 101 permit ip host IP_of_the_e-mail_server host IP_of_the_ASA
capture E-MAIL access-list 101 packet-length 1512 interface (name_of_the_interface_used_to_reach_the_mail_server)
show capture E-MAIL
This will show us if the ASA is indeed sending packets to the e-mail server, and what kind of packets, and if there's a failure....
Federico.
12-21-2009 05:56 AM
I hope the firewall has connectivity to the e-mail server. Make sure to ping it using its IP address that you configured in the smtp-server line.
Besides that we just have to do captures like Federico says.
If you are running 7.2.4 and above you can simplify the capture command as follows without any ACL.
cap capin int inside match tcp host 10.10.10.1 any eq 25
where 10.10.10.1 is the IP address of the inside interface. I am assuming the e-mail server is on the inside.
-KS
12-21-2009 10:36 AM
12-21-2009 10:50 AM
Ok. You are correct I do see bi-directional traffic. That rules the firewall out.
Check the e-mail server logs, Event Viewer, smtp-server logs and see if they show any indication of receiving or rejecting these e-mails.
Wireshark capture on the server to see what it is doing with the packets that it receives.
-KS
12-21-2009 01:04 PM
My Exchange administrator checked the server and saw the messages being blocked by the spam filter. He adjusted the filter and now I'm receiving alerts from the ASA. Thanks a lot guys for all the help.
Arshad