
ASDM Logging does not appear correctly

Rafael Mendes
Level 2

Hello Everyone,

I have a problem with my ASDM Logging (ASA5520, System image file is "disk0:/asa804-k8.bin").

If I generate any traffic, the ASDM does not show the packets correctly.

For example, if I generate ICMP traffic from interface inside to outside, the ASDM does not show the packets; when it shows them, they appear in just one direction.

My log configuration is:

logging enable
logging monitor warnings
logging trap debugging
logging history debugging
logging asdm informational

Can anyone help me?

Tks a lot.

Rafael Mendes


Kureli Sankar
Cisco Employee

Hello Rafael,

I can see that.  Do you have icmp inspection configured? "sh run policy-map"

If so you will only see outbound icmp builds and teardowns.

If you remove inspection and allow permission via acl then the requests and responses will be logged as there will not be inspection to allow the responses to automatically come back in.

Example:

With icmp inspection you will see the following only:

Jun 22 2011 00:46:39: %ASA-6-302020: Built outbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/43812 laddr 192.168.2.2/1024

Jun 22 2011 00:46:41: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/43812 laddr 192.168.2.2/1024

Without icmp inspection and allowing replies to come back in via ACL permission:

Jun 22 2011 00:51:01: %ASA-6-302020: Built outbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024

Jun 22 2011 00:51:01: %ASA-6-302020: Built inbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024

Jun 22 2011 00:51:06: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024

Jun 22 2011 00:51:06: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024

-KS

Yes, I have ICMP inspection (I have an IPS in this box too).

I cited ICMP only as an example, but the problem occurs with all protocols.

policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect http
  inspect ils
  inspect icmp
  inspect icmp error

So, I can't see the traffic in "show log ASDM" if I have inspect for this protocol?

This complicates the troubleshooting...

Tks a lot

Could anyone help me?

Tks

Rafael,

First, you will only see level 7 (debugging) level logs in ASDM's Real-time log viewer if the "logging asdm debugging" command is set. Currently it is set to informational (level 6).

Note: This is a little confusing. Within ASDM you launch the log view under Monitoring > Logging. Here the logging level may be set to "debugging", but you will not see level 7 syslogs unless you also change the configuration. In ASDM, this is set under Device Management > Logging > Logging Filters.

Second, even debugging level syslogs will not show individual packets. The syslogs will tell you a lot about what the ASA is doing, but they are not meant to "show the packets". If you want to run an actual packet capture, you can do that separately. Please check out the packet capture page for details.

Thanks,

Brendan

Tks Guys,

I changed the logging asdm to level 7 and the packets appeared in the ASDM console.

Tks for the link explaining "Packet Capture".

[]s
