Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
864
Views
0
Helpful
4
Replies

Enabling syslog id 113019 for firewall reporting

Go to solution
dbrown
Level 1
Level 1

‎05-29-2013 05:50 AM - edited ‎03-11-2019 06:50 PM

I'm having a problem with an ASA 5510 and software from ManagEngine (Firewall Analyzer).  They are saying that syslog 113019 is not getting data over to the server where the firewall analyzer is installed.  I'm checking the config and I see it enabled.  I could use some help figuring out why this particular syslog info isn't making it to the reporting software when other data is.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎05-29-2013 06:25 AM

Hi,

So if you issue the command "show run logging" you CANT see the following command?

no logging message 113019

- Jouni

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎05-29-2013 06:25 AM

Hi,

So if you issue the command "show run logging" you CANT see the following command?

no logging message 113019

- Jouni

0 Helpful

Go to solution
dbrown
Level 1
Level 1
In response to Jouni Forss

‎05-29-2013 06:30 AM

Hi JouniForss, thanks for the quick reply.  I hadn't run that command prior and it does ideed show "no logging message 113019" which I assume is my problem.  When viewing the syslog IDs in the ASDM it shows that one as debugging.  I'm not sure why there is a difference between the two but that has to be the issue.  Can you share the command I would need to run in order to enable that syslog message?  Thank you for the help!

0 Helpful

Go to solution
dbrown
Level 1
Level 1
In response to dbrown

‎05-29-2013 06:42 AM

Actually I think I got it:

logging message 113019 level 5

I'll know for sure when I see data in the reports tomorrow.  Thanks again for the assist!

0 Helpful

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni
In response to dbrown

‎05-29-2013 07:06 AM

Hi,

If you saw the command that I mentioned above then it meant that that Syslog ID was disabled on the ASA.

This could have been negated by issuing the command

logging message 113019

After this issuing the command "show run logging" wouldnt have any mention of the that Syslog ID as all the Syslog IDs are enabled by default.

The command you mention naturally works too. It just alters the Syslog IDs default logging level. The default level is 4 (Warnings) and its now set to 5 (Notifications)

Naturally it depends on the rest of your logging configuration what level messages are sent where. The command you mention is naturally a good way to move some Syslog ID you deem important to another level without increasing the logging output considerably.

- Jouni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card