Hello,

the output of :

> show running log is as follow:

# show running log
logging enable
logging timestamp
logging buffer-size 1048576
logging buffered informational
logging trap informational
logging asdm informational
logging host VLAN1 172.10.250.1
logging host VLAN1 172.10.250.2
logging host VLAN1 172.10.250.3
logging message 605004 level warnings
logging rate-limit 25 5 level 4

And when I run a "show logging" the output is as follow:

Jan 30 2018 09:20:22: %ASA-6-302014: Teardown TCP connection 
Jan 30 2018 09:20:22: %ASA-6-302014: Teardown TCP connection
Jan 30 2018 09:20:22: %ASA-6-106100: access-list
Jan 30 2018 09:20:22: %ASA-6-302013: Built inbound TCP connection
Jan 30 2018 09:20:22: %ASA-6-302014: Teardown TCP connection
Jan 30 2018 09:20:22: %ASA-6-106100: access-list
Jan 30 2018 09:20:22: %ASA-6-302013: Built inbound TCP connection
Jan 30 2018 09:20:22: %ASA-6-302014: Teardown TCP connection
Jan 30 2018 09:20:22: %ASA-6-106100: access-list
Jan 30 2018 09:20:22: %ASA-6-302013: Built inbound TCP connection

showing that log of debug level 6 is enabled.

Hello,

I asked for show logging output before the syslogs, it should look something like:

sh logging
Syslog logging: enabled
Facility: 20
Timestamp logging: disabled
Hide Username logging: enabled
Standby logging: disabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 125753348 messages logged
Trap logging: level notifications, facility 20, 523922 messages logged
Logging to inside x.x.x.x
Logging to inside x.x.x.x errors: 510 dropped: 754
Permit-hostdown logging: disabled
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level informational, 98434511 messages logged
20.187.186/53864)

also, attach output of 'show blocks'

-

AJ

Ok, I omit the results of sh logging, here is the output:

show logging
Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Hide Username logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: level informational, 2392477359 messages logged
    Trap logging: level informational, facility 20, 7906831830 messages logged
        Logging to VLAN1 172.10.250.1 errors: 135305  dropped: 194929
        Logging to VLAN1 172.10.250.2 errors: 4  dropped: 194849
        Logging to VLAN1 172.10.250.3 errors: 11  dropped: 26
    Permit-hostdown logging: disabled
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 2398066437 messages logged

and show blocks shows:

show blocks
  SIZE    MAX    LOW    CNT  INUSE   HIGH
     0   1450   1441   1450      0      8
     4    100     99     99      0      0
    80   1000    952    998      1     13
   256   5684   5160   5679 4294935122 4294967295
  1550   6174   5888   6169    502    716
  2048  11100  11096  11100      0      2
  2560    164    161    164      0      1
  4096    100     97    100      0      2
  8192    100     99    100      0      0
  9344    100    100    100      0      0

which shows a high amount of blocks used , due to logging level 6.

But, that does not explain to me why log level 4 writes to syslog and not log level 6?

Thx for advice!

Hello,

There are too many drops and errors. Looks like ASA is too busy processing these logs. Can you try to disable the buffered syslogs and also disable 2 of the syslog servers and see if that helps.

We can check the logging status:

show logging queue

show run all logging | in rate-limit

Also check the memory and cpu consumption.

-

HTH

AJ