02-16-2023 02:51 PM
Seems I'm having some issues configuring the syslog output correctly.
My config is as follows:
PPOK-EC-FW-2# sho run logging
logging enable
logging timestamp
no logging hide username
logging list vpn level warnings
logging list vpn message 722022
logging list vpn message 722023
logging buffer-size 8092
logging console warnings
logging monitor errors
logging buffered vpn
logging trap warnings
logging asdm warnings
logging from-address EC2.ASA@ppok.com
logging recipient-address firewalladmin@ppok.com level alerts
logging facility 21
logging device-id ipaddress inside
logging host inside x.x.x.x
logging permit-hostdown
logging class auth trap informational
logging class vpdn trap informational
logging class vpn trap informational
logging class vpnc trap informational
logging class webvpn trap informational
logging class svc trap informational
I am only interested in receiving levels 0-4 and the specific 2 level 6 messages. However, I am seeing quite a few extra level 6 messages that I need to eliminate. When I remove the logging class commands, I stop receiving all the extra messages, as well as 722022. Then I'm stuck only getting the 722023 message and levels 0-4. Any thoughts? I'm not sure what is going on; it's odd that I have to have those extra messages.
TIA
Jay
02-16-2023 03:10 PM
What extra messages do you have, as an example?
Check the message list with priority:
logging facility 21 (so amend the correct facility to get all the output)
The Cisco FW shows it as 16-23, and the same are interpreted as 0-7 by the syslog server:
16 = Local0 on syslog
17 = Local1 on rsyslog
18 = Local2 on syslog
19 = Local3 on syslog
20 = Local4 on syslog
21 = Local5 on syslog
22 = Local6 on syslog
23 = Local7 on syslog
02-16-2023 06:12 PM
I'm seeing multiple level 6 messages other than 722022 and 722023. Currently, I'm seeing 722055, 716002, 716038, 716058, 716059, 113012, 716002, 113008, 611101, 113009 and 113039. There may be more unless I missed it. These extra messages amount to quite a few extra messages per day, filling the syslogs with messages that are basically being ignored.
02-17-2023 01:19 AM
Cisco ASA Syslog Simplified (packetswitch.co.uk)
There are some solutions; check each one:
1- no logging message 722055 716002
2- using message class
3- using logging list
02-17-2023 04:11 AM
Okay. I'll try option #1. I'm already using option #2 and #3. If I remove the message class statements, it corrects some of the issue, but then I stop getting the 722022 messages and only receive the 722023. However, all the other messages stop coming in as well, so that's a partial solution. I'm using the logging list command in an attempt to narrow down to only those 2 level 6 messages, and allow anything 0-4, which is where the issue all started.
02-17-2023 11:14 AM
Well, option #1 did not affect the events being sent to syslog. Back to square one.
02-17-2023 11:20 AM
Can I see the last config?
02-17-2023 11:35 AM
logging enable
logging timestamp
no logging hide username
logging list vpn level warnings
logging list vpn message 722022
logging list vpn message 722023
logging buffer-size 8092
logging console warnings
logging monitor errors
logging buffered vpn
logging trap warnings
logging asdm warnings
logging from-address EC2.ASA@ppok.com
logging recipient-address firewalladmin@ppok.com level alerts
logging facility 21
logging device-id ipaddress inside
logging host inside x.x.x.x
logging permit-hostdown
logging class auth trap informational
logging class vpdn trap informational
logging class vpn trap informational
logging class vpnc trap informational
logging class webvpn trap informational
logging class svc trap informational
02-18-2023 02:23 AM
Hello Friend,
I think I found a solution.
You can only change the default level of the messages from level 6 to level 0-4.
This makes you get logging levels 0-4 and also get the two messages from level 6 (their level will now appear as level 0-4).
02-20-2023 01:54 AM
You can also try:
logging message 722022 level 6
logging message 722023 level 6
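
Added example, not part of any post in this thread: a receiver-side check that decodes the syslog PRI into the facility mapping listed above (21 = local5) and applies the policy the original poster wants, keeping levels 0-4 plus 722022 and 722023. The line layout, the sample lines and the message ID 999999 are constructed assumptions, not captured ASA output.

```python
import re

# Assumption: each line looks like "<PRI>... %ASA-<severity>-<message id>: text".
ASA_RE = re.compile(r"^<(\d{1,3})>.*?%ASA-(\d)-(\d{6}):")

MAX_SEVERITY = 4                    # levels 0-4 ("warnings" and more severe)
ALWAYS_KEEP = {"722022", "722023"}  # the two level 6 messages wanted in the thread

def decode_pri(pri):
    """Split a syslog PRI into (facility, severity): PRI = facility * 8 + severity."""
    return divmod(pri, 8)

def facility_name(facility):
    """Map facility codes 16-23 to local0-local7, as listed in the thread."""
    return f"local{facility - 16}" if 16 <= facility <= 23 else str(facility)

def classify(line):
    """Return (keep, facility, severity, message_id), or None for non-ASA lines."""
    m = ASA_RE.match(line)
    if not m:
        return None
    facility, _ = decode_pri(int(m.group(1)))
    severity, msg_id = int(m.group(2)), m.group(3)
    keep = severity <= MAX_SEVERITY or msg_id in ALWAYS_KEEP
    return keep, facility_name(facility), severity, msg_id

def kept_ids(lines):
    """Message IDs that pass the policy, in input order."""
    results = (classify(line) for line in lines)
    return [r[3] for r in results if r and r[0]]

# Constructed sample lines (not from a real device); 999999 is a placeholder ID.
SAMPLE = [
    "<174>Feb 16 2023 14:51:02 192.0.2.1 : %ASA-6-722022: constructed text",
    "<174>Feb 16 2023 14:51:03 192.0.2.1 : %ASA-6-716002: constructed text",
    "<172>Feb 16 2023 14:51:04 192.0.2.1 : %ASA-4-999999: constructed text",
    "<174>Feb 16 2023 14:51:05 192.0.2.1 : %ASA-6-722023: constructed text",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), line)
    print("kept:", kept_ids(SAMPLE))
```

Running it over a day of received logs shows which level 6 IDs are still arriving and would be dropped by the intended policy.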