02-28-2011 08:52 AM - edited 03-11-2019 12:58 PM
Hello,
I’m asking for your help because I think I have my first issue with a Cisco appliance :-)
We’ve got a lot of ASA appliances (around 30, 5505/5510/5520) and we never had this problem until we started using the new software image ASA 8.4(1) and ASDM 6.4(1). So, my problem is located on two ASA 5520s in active/passive failover with ASA image 8.4(1) and ASDM image 6.4(1).
My problem is that our appliance doesn’t show any logs when an ACL denies a packet, even when I specify a specific “deny ACL” with a specific logging condition: ASDM and SSH buffer logging are empty, but the counters of the ACL increment.
OGS-HEB-FW-OUTIL/act# sh log
Syslog logging: enabled
Facility: 20
Buffer logging: level warnings, 6242 messages logged
ASDM logging: level warnings, 9252 messages logged
Here is my Cisco user id: support-ogs
Using Internet Explorer 6.0.6001.18702
Using Java Version 6 Update 24.
Have other users experienced this issue?
Thanks for all the help you can provide,
Regards,
Sevan
02-28-2011 10:31 AM
The log on your ACLs is set to which level? Your logging is configured for warnings or more severe levels. If your ACL is configured with level 6 (informational), then you won't see the logs in your ASDM or buffer.
I hope this helps.
02-28-2011 10:52 AM
Hi Paul,
Thank you for your quick answer.
The log on my ACL is set to warnings, and my ASDM log and buffer log levels are also set to warnings.
I've made another good test: I've pushed the same ASA/ASDM image onto an ASA 5505 appliance, and I don't have this problem...
Strange, isn't it?
Thanks for your help,
Regards,
Sevan.
02-28-2011 10:54 AM
Maybe something is wrong with the OS version.
03-01-2011 06:38 AM
Hi Sevan,
I tested this on an ASA running 8.4(1) and the logging works as expected. Can you post the output of 'show run logging' for us, as well as 'show access-list'?
-Mike
03-01-2011 10:17 AM
Hi,
Thanks for your response,
Here are the outputs of the two commands you asked for:
OGS-HEB-FW-OUTIL/act# sh run logging
logging enable
logging buffer-size 10000
logging asdm-buffer-size 512
logging monitor warnings
logging buffered warnings
logging asdm warnings
OGS-HEB-FW-OUTIL/act# sh access-list Dorsale_access_in
access-list Dorsale_access_in; 2 elements; name hash: 0x1dbabe38
access-list Dorsale_access_in line 1 extended deny ip host 13.168.12.240 any log warnings interval 300 (hitcnt=5) 0x7ebdd65c
access-list Dorsale_access_in line 2 extended deny ip any any log warnings interval 300 (hitcnt=10) 0x818f54f6
I've rebooted the devices just before the commands.
On which platform have you made your test?
It seems to be specific to the ASA 5520; I've tested on an ASA 5505 with no problem.
Thanks again for the time you spent on this.
Regards,
Sevan
03-01-2011 10:36 AM
Hi Sevan,
I tested it on a 5505 and a 5520, both running 8.4(1), and the logs work as expected both times.
I see that there have been 6242 messages logged to the local buffer in your original post. Is it possible that the logs are working as expected, but you're not catching them within the log interval? With the configuration you have, each ACE will only show up in the log once within a 5 minute interval.
If you lower the interval to, say, 10 seconds and then watch the log buffer for a little over 5 minutes, do you see any messages show up?
It might be worth opening a TAC case for this since you're able to regularly reproduce the problem using 8.4(1). There may be something else in your configuration that is triggering this problem.
-Mike
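As an added example (not part of the thread and not Cisco's code), here is a small Python check that reads the two outputs Sevan posted and applies both explanations given in the replies: Paul's point that an ACE whose log level is less severe than the `logging buffered` / `logging asdm` level never reaches those buffers, and Mike's point that with `log … interval 300` each ACE produces at most one message per 300-second window. The ASA severity names, the default ACE log level (informational, message 106100) and the default interval of 300 seconds are taken from the ASA documentation as I know it; the regexes are my own approximation of the `show access-list` line format, and the second ACL sample is constructed to show the suppressed case.

```python
import re

# Sevan's posted outputs, embedded as test input.
SHOW_RUN_LOGGING = """\
logging enable
logging buffer-size 10000
logging asdm-buffer-size 512
logging monitor warnings
logging buffered warnings
logging asdm warnings
"""

SHOW_ACCESS_LIST = """\
access-list Dorsale_access_in; 2 elements; name hash: 0x1dbabe38
access-list Dorsale_access_in line 1 extended deny ip host 13.168.12.240 any log warnings interval 300 (hitcnt=5) 0x7ebdd65c
access-list Dorsale_access_in line 2 extended deny ip any any log warnings interval 300 (hitcnt=10) 0x818f54f6
"""

# Constructed sample: a plain 'log' keyword with no level, which logs at informational (6).
CONSTRUCTED_INFO_ACL = """\
access-list Test_in line 1 extended deny ip any any log (hitcnt=3) 0x00000000
"""

# ASA syslog severity names; lower number = more severe.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}
DEFAULT_ACE_LOG_LEVEL = "informational"   # message 106100 default severity
DEFAULT_LOG_INTERVAL = 300                # seconds

LEVEL_RE = re.compile(r"^logging (buffered|asdm|monitor|console|trap)\s+(\S+)")
LINE_RE = re.compile(
    r"access-list (?P<acl>\S+) line (?P<line>\d+) extended (?P<body>.*?) \(hitcnt=(?P<hits>\d+)\)"
)
LOG_RE = re.compile(
    r"\blog\b(?: (?P<level>" + "|".join(SEVERITY) + r"|[0-7]))?(?: interval (?P<interval>\d+))?"
)


def severity(level):
    """Accept either a severity name or a numeric level as typed on the ASA."""
    return int(level) if level.isdigit() else SEVERITY[level]


def parse_logging_levels(text):
    """Map each logging destination (buffered, asdm, ...) to its configured level."""
    levels = {}
    for line in text.splitlines():
        m = LEVEL_RE.match(line.strip())
        if m:
            levels[m.group(1)] = m.group(2)
    return levels


def audit(show_run_logging, show_access_list):
    """For each logging ACE, report its level, interval, hit count and which
    destinations its messages can actually reach under the configured levels."""
    levels = parse_logging_levels(show_run_logging)
    findings = []
    for line in show_access_list.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # header line or an entry without a hit counter
        body = m.group("body")
        lm = LOG_RE.search(body)
        if not lm or "log disable" in body:
            continue  # ACE does not log at all
        level = lm.group("level") or DEFAULT_ACE_LOG_LEVEL
        findings.append({
            "acl": m.group("acl"),
            "line": int(m.group("line")),
            "rule": body[:lm.start()].strip(),
            "hits": int(m.group("hits")),
            "level": level,
            "interval": int(lm.group("interval") or DEFAULT_LOG_INTERVAL),
            # A message reaches a destination only if it is at least as severe
            # as that destination's configured level.
            "reaches": {dest: severity(level) <= severity(lvl) for dest, lvl in levels.items()},
        })
    return findings


def describe(findings):
    """Human-readable summary: which buffers are silent, and how often a line can appear."""
    out = []
    for f in findings:
        silent = [d for d, ok in f["reaches"].items() if not ok]
        out.append(
            f"{f['acl']} line {f['line']} ({f['rule']}): level {f['level']}, "
            f"hitcnt={f['hits']}, at most one message per {f['interval']}s"
            + (f"; never reaches: {', '.join(silent)}" if silent else "; reaches all destinations")
        )
    return out


if __name__ == "__main__":
    for text in describe(audit(SHOW_RUN_LOGGING, SHOW_ACCESS_LIST + CONSTRUCTED_INFO_ACL)):
        print(text)
```

On Sevan's outputs the check finds nothing wrong: both ACEs log at warnings, the buffers accept warnings, and every message is rate-limited to one per 300 seconds per ACE, which is why Mike suggests lowering the interval and watching for longer than one window. The constructed `Test_in` line shows the case Paul describes: a bare `log` keyword logs at informational, so with `logging buffered warnings` it never reaches the buffer even though its hit count keeps climbing.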