Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10401
Views
0
Helpful
4
Replies

Can't see any debug messages on "show log" on ASA

HuntLee304798
Level 1
Level 1

‎06-15-2020 10:18 PM

Hi everyone,

i am trying to do "debug webvpn 255", but nothing showed on my logging buffered, and nothing on my SSH session (with terminal monitor).

 

Here are my logging commands:

logging enable
logging timestamp
logging buffer-size 10000
logging asdm-buffer-size 512
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap debugging
logging asdm warnings
logging debug-trace persistent
logging flash-bufferwrap
logging flash-minimum-free 3076000
logging flash-maximum-allocation 1024000
logging permit-hostdown
logging class webvpn monitor debugging

 

mov# show debug
debug webvpn enabled at level 255
debug webvpn enabled at level 255 (persistent)

mov#

 

I just can't seem to see any debug messages at all from my remote SSH session.

If anyone can shed some light on this, that would be greatly appreciated.

 

Cheers,

Hunt

0 Helpful
4 Replies 4

Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-15-2020 11:12 PM

The "logging monitor" command enables the ASA to display syslog (and debug) messages in SSH and Telnet sessions so change your "logging monitor warnings" to "logging monitor debug".

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/I-R/cmdref2/l2.html#pgfId-1796033

Also make sure you use "terminal monitor" after you login - that command is only for the current session and is not persistent.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa-command-reference/T-Z/cmdref4/t1.html#pgfId-1701280

0 Helpful

HuntLee304798
Level 1
Level 1
In response to Marvin Rhoads

‎06-15-2020 11:23 PM

I changed it together with "terminal monitor"... it has recorded 18237 messages, but not a single line appear on my SSH session... and it's not showing with 'show log' command either.

 


Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Hide Username logging: enabled
Standby logging: disabled
Debug-trace logging: enabled (persistent)
Console logging: level warnings, 19495 messages logged
Monitor logging: level debugging, class webvpn, 18237 messages logged
Buffer logging: level debugging, 277268 messages logged
Trap logging: level debugging, facility 20, 5672 messages logged
Global TCP syslog stats::
NOT_PUTABLE: 0, ALL_CHANNEL_DOWN: 0
CHANNEL_FLAP_CNT: 0, SYSLOG_PKT_LOSS: 0
PARTIAL_REWRITE_CNT: 0
Permit-hostdown logging: enabled
History logging: disabled
Device ID: disabled
Mail logging: disabled
ASDM logging: level warnings, 107644 messages logged
tion 0:00:00

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to HuntLee304798

‎06-16-2020 12:19 AM

Hi,

I can see the recorded log massages as: Buffer logging: level debugging, 277268 messages logged

 

 Use a full command "Show logging" and share the output.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to HuntLee304798

‎06-16-2020 12:24 AM

If you want to see the debugging logs on the monitor you need to enable logging by default and you can use commands to see the debug logs on the monitor.

 

enable your debugging command

 

and start logging to monitor.

logging monitor debugging

And during the SSH connection issue the command

terminal monitor

And to disable it enter

terminal no monitor

You should be able to disable all debugging with

no debug all

 

hope this helps you, if not post complete logging config to review again.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card