ASA logs are not reaching syslog server

eraser34987 · ‎07-13-2012

Recently we have been experiencing an issue with our ASA's syslog messages not reaching the syslog server. Periodically a message will get through but its fairly random. The ASA and the syslog server do reside on different subnets be it has always been this way and it has worked properly in the past. There have been a few code upgrades to the ASA and the syslog server resides in a VM environment but it recieves logs properly from all other devices. The patches to the ASA were to resolve some VPN bugs we were experiencing. Any ideas on what the issue could be?

JORGE RODRIGUEZ · ‎07-13-2012

Hi,

Personally I have run into syslog messaging issues in the past and have been related to bugs ,you may want to try looking at the code you have upgraded to and rule out bugs pertaining to syslog messaging . Look into your code opened Caveats in the link bellow . If you have dounble check your firewall configuration after the upgrade for syslogs to be ok and have other firewalls sending logs ok to the server , it could very well be a bug related issue.

http://www.cisco.com/en/US/partner/products/ps6120/prod_release_notes_list.html

You can also check in bug data base for your code -

http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs

Regards

Jorge Rodriguez

Luis Silva Benavides · ‎07-13-2012

Hi Dustin,

We will need to determine if the syslog messages are actually leaving the ASA interface, you can do this with a capture on the interface were the server is located. Also will be a good idea to test basic connectivity between the FW and the syslog server.

Luis

Luis Silva