06-22-2011 05:02 AM - edited 03-11-2019 01:48 PM
Hello Everyone,
I have a problem with my ASDM logging (ASA5520, system image file is "disk0:/asa804-k8.bin").
If I generate any traffic, ASDM does not show the packets correctly.
For example, if I generate ICMP traffic from interface inside to outside, ASDM does not show the packets; when it does show them, they appear in just one direction.
My log configuration is:
logging enable
logging monitor warnings
logging trap debugging
logging history debugging
logging asdm informational
Can anyone help me?
Tks a lot.
Rafael Mendes
06-27-2011 07:54 AM
Rafael,
First, you will only see level 7 (debugging) level logs in ASDM's Real-time log viewer if the "logging asdm debugging" command is set. Currently it is set to informational (level 6).
Note: This is a little confusing. Within ASDM you launch the log viewer under Monitoring > Logging. Here the logging level may be set to "debugging", but you will not see level 7 syslogs unless you also change the configuration. In ASDM, this is set under Device Management > Logging > Logging Filters.
Second, even debugging level syslogs will not show individual packets. The syslogs will tell you a lot about what the ASA is doing, but they are not meant to "show the packets". If you want to run an actual packet capture, you can do that separately. Please check out the packet capture page for details.
Thanks,
Brendan
06-22-2011 07:00 AM
Hello Rafael,
I can see that. Do you have icmp inspection configured? "sh run policy-map"
If so you will only see outbound icmp builds and teardowns.
If you remove inspection and allow permission via ACL, then the requests and responses will be logged, as there will not be inspection to allow the responses to automatically come back in.
Example:
With icmp inspection you will see the following only:
Jun 22 2011 00:46:39: %ASA-6-302020: Built outbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/43812 laddr 192.168.2.2/1024
Jun 22 2011 00:46:41: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/43812 laddr 192.168.2.2/1024
Without icmp inspection and allowing replies to come back in via ACL permission:
Jun 22 2011 00:51:01: %ASA-6-302020: Built outbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024
Jun 22 2011 00:51:01: %ASA-6-302020: Built inbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024
Jun 22 2011 00:51:06: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024
Jun 22 2011 00:51:06: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024
-KS
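The following is an added example and not part of the thread or of any Cisco tool. It is a small Python script that parses the 302020/302021 lines KS posted above (reused here as sample input), plus one constructed level-7 line (%ASA-7-609001 "Built local-host", built by the editor for illustration), and shows both points made in this thread: which build directions appear per ICMP flow with and without icmp inspection, and why a destination configured with "logging asdm informational" never receives level-7 messages. The SEVERITY table is the standard syslog level numbering the ASA uses for its logging commands; the regexes are written against the message layouts quoted in the thread and are an assumption for any other message ID.

```python
import re
from collections import defaultdict

# Severity names accepted by "logging asdm <level>" and the other logging
# destination commands. A destination receives a message when the message's
# severity number is <= the configured number, so "logging asdm informational"
# (6) passes 302020/302021 (severity 6) but drops every level-7 message.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# Generic ASA syslog header: timestamp, "%ASA-<sev>-<id>:", message text.
HEADER_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<text>.*)$"
)
# Body of the ICMP connection build/teardown messages quoted in the thread
# (302020 / 302021). Other message IDs use other layouts and are kept as text.
ICMP_CONN_RE = re.compile(
    r"^(?:Built (?P<direction>inbound|outbound)|Teardown) ICMP connection for "
    r"faddr (?P<faddr>\S+) gaddr (?P<gaddr>\S+) laddr (?P<laddr>\S+)$"
)


def parse_line(line):
    """Parse one ASA syslog line; return None if it is not an ASA message."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sev"] = int(rec["sev"])
    conn = ICMP_CONN_RE.match(rec["text"])
    if conn:
        rec.update(conn.groupdict())
        rec["event"] = "build" if rec["msgid"] == "302020" else "teardown"
    return rec


def delivered(lines, configured_level):
    """Return the parsed messages a destination set to configured_level receives."""
    limit = SEVERITY[configured_level]
    return [rec for rec in map(parse_line, lines)
            if rec is not None and rec["sev"] <= limit]


def connection_directions(lines, configured_level="informational"):
    """Map each (faddr, gaddr, laddr) ICMP flow to the sorted list of build
    directions logged for it, counting only messages that pass the level."""
    seen = defaultdict(set)
    for rec in delivered(lines, configured_level):
        if "faddr" not in rec:
            continue  # not a 302020/302021 message
        key = (rec["faddr"], rec["gaddr"], rec["laddr"])
        if rec["event"] == "build":
            seen[key].add(rec["direction"])
        else:
            seen.setdefault(key, set())  # flow known only from its teardown
    return {k: sorted(v) for k, v in seen.items()}


def diagnose(directions):
    """Describe a flow's build pattern in the terms used in the thread."""
    if directions == ["outbound"]:
        return "outbound build only: replies handled by icmp inspection, no inbound build logged"
    if directions == ["inbound", "outbound"]:
        return "inbound and outbound builds: replies permitted by ACL, both directions logged"
    if not directions:
        return "no build delivered for this flow"
    return "unexpected pattern: " + ", ".join(directions)


# Sample input: the lines KS posted in this thread, plus one constructed
# level-7 message in the second set to exercise the destination-level filter.
WITH_INSPECTION = [
    "Jun 22 2011 00:46:39: %ASA-6-302020: Built outbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/43812 laddr 192.168.2.2/1024",
    "Jun 22 2011 00:46:41: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/43812 laddr 192.168.2.2/1024",
]
WITHOUT_INSPECTION = [
    "Jun 22 2011 00:51:01: %ASA-7-609001: Built local-host inside:192.168.2.2",  # constructed
    "Jun 22 2011 00:51:01: %ASA-6-302020: Built outbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024",
    "Jun 22 2011 00:51:01: %ASA-6-302020: Built inbound ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024",
    "Jun 22 2011 00:51:06: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024",
    "Jun 22 2011 00:51:06: %ASA-6-302021: Teardown ICMP connection for faddr 172.18.254.1/0 gaddr 172.18.254.34/10934 laddr 192.168.2.2/1024",
]

if __name__ == "__main__":
    for name, lines in (("with inspection", WITH_INSPECTION),
                        ("without inspection", WITHOUT_INSPECTION)):
        kept = len(delivered(lines, "informational"))
        print(f"{name}: {kept} of {len(lines)} lines reach 'logging asdm informational'")
        for flow, dirs in connection_directions(lines).items():
            print("  ", flow, "->", diagnose(dirs))
```

Two caveats from the thread are worth keeping in mind when reading the output. Raising the destination to "logging asdm debugging" makes the level-7 line appear, but on a busy box debug-level logging to ASDM produces a large message volume, so turn it back down after troubleshooting. And none of these messages is a packet: they record connection state. To see the actual ICMP packets, use the ASA's separate "capture" command (for example "capture icmpcap interface inside match icmp any any", then "show capture icmpcap"), which is what the packet capture page Brendan refers to covers.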
06-22-2011 07:14 AM
Yes, I have icmp inspection (I have an IPS in this box too).
I cited ICMP only as an example, but the problem occurs with all protocols.
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect http
inspect ils
inspect icmp
inspect icmp error
So I can't see the traffic in the ASDM log if I have inspect configured for this protocol?
This complicates the troubleshooting.
Tks a lot
06-27-2011 07:14 AM
Could anyone help me?
Tks
06-29-2011 06:05 AM
Tks guys,
I changed the logging asdm level to 7 and the packets appeared in the ASDM console.
Tks for the link explaining "Packet Capture".
Regards