Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1095
Views
1
Helpful
4
Replies

ASA firewall doesn't send logs to syslog server

Mehrzad Sharifi
Level 1
Level 1

‎03-12-2023 06:48 AM - edited ‎03-12-2023 06:50 AM

Hi., I have a problem. my ASA firewall doesn't send traffic to syslog server for UDP 514. however, it seems it works on other ports because I can see the checkpoint firewall showing the flow as it is the next hope.
we have two syslog server. it doesn't log on one but sometimes it works on the other one.,
it used to work but it stopped working
I increased the size to 1024 and reload the device, didn't help. just the drops disappeared. can somebody help please?

 

no logging hide username
logging buffer-size 1048576
logging asdm-buffer-size 512
logging monitor informational
logging buffered debugging
logging trap informational
logging history informational
logging asdm emergencies
logging queue 1024
logging device-id hostname
logging host management x.x.x.x.
logging host management x.x.x.x.
logging debug-trace
logging flash-minimum-free 3076
logging flash-maximum-allocation 51200

----------

Logging Queue length limit : 1024 msg(s)
0 msg(s) discarded due to queue overflow
0 msg(s) discarded due to memory allocation failure
Current 0 msg on queue, 976 msgs most on queue
---------------
capture shows the packet is being sent:
1: 14:51:12.826754 0050.56ab.21cd 0050.569c.0624 0x0800 Length: 345
ASA Firewall ip.514 > 1st syslog server.514: [udp sum ok] udp 303 (ttl 255, id 32544)
2: 14:51:12.826754 0050.56ab.21cd 0050.569c.0624 0x0800 Length: 345
ASA Firewall ip.514 > 2st syslog server.514: [udp sum ok] udp 303 (ttl 255, id 4313)

___________________
Cisco Adaptive Security Appliance Software Version 9.16(2)14
SSP Operating System Version 2.10(1.182)
Device Manager Version 7.17(1)152
REST API Agent Version 7.16.1.75

 

 

0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎03-12-2023 06:58 AM - edited ‎03-12-2023 07:50 AM 

logging host interface_name ip_address [tcp[/port] | udp[/port]] [format emblem]

 config UDP/TCP port and host IP and interface that ASA use to connect to host. 

0 Helpful

Mehrzad Sharifi
Level 1
Level 1

‎03-12-2023 07:05 AM

Hi, Thanks for repling,
As you can see above , it is configured like this :
logging host management x.x.x.x.
logging host management x.x.x.x.
and I can see in ASDM that port 514 is configured for it, so I don't think this is the solution

0 Helpful

MHM Cisco World
VIP
VIP
In response to Mehrzad Sharifi

‎03-12-2023 07:53 AM

are you sure server listen to UDP 514 ? ore it use different UDP port or use TCP port?
try

ping [if_name] host [repeat count] [timeout seconds] [data pattern] [size bytes] [validate]

ping to log server using management interface. check the reachability 

Mehrzad Sharifi
Level 1
Level 1

‎03-13-2023 04:00 AM

yes, it is reachable. the interesting part is sometimes it works and sometimes it doesn't, so connectivity is totally fine,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card