Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1023
Views
5
Helpful
3
Replies

Cisco ASA syslog command issue

Go to solution
goodbye2015
Level 1
Level 1

‎05-04-2017 07:46 AM - edited ‎03-12-2019 02:19 AM

Cisco ASA 5550

Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 6.4(9)
System image file is "disk0:/asa825-k8.bin"

===============================================

Such a thing happened today, my asa using remote syslog server. previous configuration as follows:

asa# sh run | include logging
logging enable
logging trap warnings

logging host dmz_service 192.168.100.16

i was creating a new syslog server 192.168.100.17 using tcp port 11001 to accept remote message. so i made the modification. 

asa(config)# logging host dmz_service 192.168.100.17 tcp/11001

WARNING: interface Rdundant1.15 security level is 60.

why this warning pop up,after that, all traffic between the zones was forbid on ASA.

unbelievably. it was recovery when i "no logging host dmz_service 192.168.100.17 tcp/11001"

it cause severe productive accident.i feel so confused until now. anybody can help me?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Akhil.Balachandran
Level 1
Level 1
In response to Ajay Saini

‎05-04-2017 12:54 PM

Please check if the host 192.168.100.17 is reachable from the ASA.  On the ASA, if  the TCP SYSLOG server is unreachable, it  will drop all traffic through the device. This is a default behavior on the ASA.

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html

To change the default behavior, configure the option "logging permit-hostdown" . This will make sure all the connection through the ASA is not denied, if the SYSLOG server is unreachable from the ASA.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/l2.html

Regards

Akhil

View solution in original post

3 Replies 3

Go to solution
Ajay Saini
Level 7
Level 7

‎05-04-2017 11:02 AM

Could you please attach the output of 'show nameif'

-AJ

0 Helpful

Go to solution
Akhil.Balachandran
Level 1
Level 1
In response to Ajay Saini

‎05-04-2017 12:54 PM

Please check if the host 192.168.100.17 is reachable from the ASA.  On the ASA, if  the TCP SYSLOG server is unreachable, it  will drop all traffic through the device. This is a default behavior on the ASA.

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html

To change the default behavior, configure the option "logging permit-hostdown" . This will make sure all the connection through the ASA is not denied, if the SYSLOG server is unreachable from the ASA.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/l2.html

Regards

Akhil

Go to solution
goodbye2015
Level 1
Level 1
In response to Akhil.Balachandran

‎05-04-2017 08:53 PM

got it.

thank you for your help!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card