cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1000
Views
0
Helpful
7
Replies

ASA Sylog quietly fails

_airdesk_
Level 1
Level 1

I have a network of ASA's set to send syslog to a syslog server. When you first set the ASA to log to syslog it all works, but after a while it stops sending. Then if you reset (turn off logging, turn it back on again) it will start logging until it quietly fails again.

Any ideas how to get it to stop failing?

7 Replies 7

KennethCote
Level 1
Level 1

I had this problem yesterday and figured it out. I had "logging console debugging" enabled which was killing the logging queue. Also, it may benefit you to look at the logging queue size or set the rate limit.

I don't have logging console debugging. I tried changes to the queue size and rate limit previously, but it does not look like a queue or limit problem. It seems that just resetting the logging settings gets it going again.

Just confirmed it again on another ASA. Uncheck "Enable Logging" and recheck it, and syslogs start flowing to the syslog server again instantly.

BUG CSCsu03602 Resolved in 8.0.4(27).

You can read it here:

http://tools.cisco.com/Support/BugToolKit/

you can go to the above link login with your CCO ID and then key in the

defect ID above

Defect details does not show it as resolved but, will say so in the near future.

Also when it fails to send logs you can see

1. if console, buffer and monitor will logg

2. apply capture on the firewall interface facing the syslog server and see if it is sending upd 514 packets to the syslog server during this time.

OK, thanks, so it is just a bug. I will wait for the fix, thanks for letting me know

code is already available here:

http://www.cisco.com/cgi-bin/tablebuild.pl/asa-interim

asa804-31-k8.bin

we noticed the similar problem in Ver 8.2(2)

is there any fix

Review Cisco Networking for a $25 gift card