Cisco ASA Logging

George Rodriguez · ‎11-11-2013

I have been experiencing some problems at a customer site with a Cisco ASA 5510 where a reboot clears the problem. I am setting up a syslog server to capture the events in the hope that TAC can assist after the reboot using the captured logs.

My issue right now is that setting the logging to debugging or informational generates a large file in a short time. Given the situation what is the best option when selecting a logging trap so that when TAC reviews the file it is useful to them.

Thanks.

Richard Burts · ‎11-12-2013

When logging is set to informational or debug the ASA certainly does generate a lot of log messages. Perhaps an option to consider would be to set console logging to informational or debug and then to connect a PC to the console running some terminal emulator that allows you to specify a fairly large buffer for its screen display. (I like SecureCRT because it allows me to do this and probably there are other emulators that allow this also).

Let the logging to the console run until the problem happens. When the problem happens, go to the PC and do a copy paste of the content of the screen buffer to a file and send the file to TAC. I have done this before and it worked pretty well for me.

HTH

Rick

HTH

Rick

George Rodriguez · ‎11-13-2013

Great idea. I will let my customer know. Not usre it will be viable though as the ASA is in a data center.

Thanks for the advice though!

Richard Burts · ‎11-13-2013

Some of my customers with data center implementations have terminal servers implemented to provide out of band management. Is it possible that your customer data center has some terminal servers implemented and that one might be used to provide access to the console of the ASA? That removes the dependency on the monitoring PC being physically present at the ASA.

HTH

Rick

HTH

Rick