Firewall Email Alert config

Sheraz.Salim
VIP Alumni

We have one outside interface connection to the ISP. The ISP wanted to do some maintenance work and informed us the link will go down for half an hour. Therefore I configured the email alert on our production network, where the IPSLA is configured with syslog, SMTP and an email address. Could you verify this will work? I cannot test this, as we do not have a spare ASA in our workshop.

Please find the config below.

logging enable
logging timestamp
logging list SLA-LIST message 622001
logging buffer-size 9055
logging buffered debugging
logging trap SLA-LIST
logging history SLA-LIST
logging asdm debugging
logging mail SLA-LIST
logging from-address asa@netrevuca.co.uk
logging recipient-address sherazrose@netrevuca.co.uk level debugging
logging recipient-address itservicesdesk@netrevuca.co.uk level critical
logging device-id ipaddress inside
logging host inside 10.178.5.117
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020

snmp-server host inside 10.178.5.49 community ***** version 2c udp-port 161
snmp-server host inside 10.178.5.117 community ***** version 2c
snmp-server location GH
snmp-server contact IT
snmp-server community *****
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
snmp-server enable traps syslog
snmp-server enable traps ipsec start stop
snmp-server enable traps entity config-change fru-insert fru-remove
snmp-server enable traps memory-threshold
snmp-server enable traps interface-threshold
snmp-server enable traps remote-access session-threshold-exceeded
snmp-server enable traps connection-limit-reached
snmp-server enable traps cpu threshold rising
sysopt connection tcpmss 1350
sla monitor 1
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
 num-packets 2
 timeout 2000
 threshold 2000
 frequency 5
sla monitor schedule 1 life forever start-time now



class-map global-class
 description NetFlow_LCT_Export
 match any
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 description NetFlow_LCT_Export
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
 class global-class
  flow-export event-type all destination 10.178.5.117
 class class-default
  user-statistics accounting
!
service-policy global_policy global
smtp-server 10.178.1.113
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:029395f06d6cc864531760c0e5210db9
: end

please do not forget to rate.
Accepted Solutions

Akshay Rastogi
Cisco Employee

Hi,

From the configuration, it looks fine. It should work. Make sure reachability to the SMTP server is there.

Note: We do not recommend using a severity level greater than 3 with the logging recipient-address command. Higher severity levels are likely to cause dropped syslog messages because of buffer overflow.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/command/reference/cmd_ref/l2.html#wp1774041

Also, from the configuration, I could see that:

logging mail SLA-LIST
logging from-address asa@netrevuca.co.uk
logging recipient-address sherazrose@netrevuca.co.uk level debugging
logging recipient-address itservicesdesk@netrevuca.co.uk level critical

You have configured a logging list with a specific message and simultaneously you have configured a severity level in recipient-address. The recipient address's level always overrides the one configured in logging mail. Therefore the first recipient would get messages up to debugging, and the 2nd with critical. However, as mentioned earlier, the debugging level is too high, so you could think of changing it to a low level.

Hope it helps.

Regards,

Akshay Rastogi
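
The override rule and the severity recommendation from the answer above, as an added example that is not part of the original post and not Cisco code: a small Python check that reads the `logging mail` and `logging recipient-address` lines and flags recipients whose explicit level is above 3. The function names are hypothetical, and recipients without a `level` keyword are left unassessed.

```python
import re

# ASA syslog severity keywords and their numeric values (0 = most severe).
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}
MAX_RECOMMENDED = 3  # from the Cisco note quoted in the answer

# Mail-related lines copied from the configuration in the question.
CONFIG = """\
logging list SLA-LIST message 622001
logging mail SLA-LIST
logging from-address asa@netrevuca.co.uk
logging recipient-address sherazrose@netrevuca.co.uk level debugging
logging recipient-address itservicesdesk@netrevuca.co.uk level critical
"""

def to_level(token):
    """Return 0-7 for a severity keyword or digit, None for anything else."""
    if token.isdigit():
        return int(token) if int(token) <= 7 else None
    return SEVERITY.get(token.lower())

def audit_mail_logging(config):
    """Report each recipient's explicit level and what it overrides."""
    mail_filter, recipients = None, []
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"logging mail (\S+)", line)
        if m:
            mail_filter = m.group(1)
            continue
        m = re.fullmatch(r"logging recipient-address (\S+)(?: level (\S+))?", line)
        if m:
            recipients.append((m.group(1), m.group(2)))
    report = []
    for addr, own in recipients:  # evaluated last so line order does not matter
        level = to_level(own) if own else None
        report.append({
            "recipient": addr,
            "level": level,  # None when no explicit level was given
            "overridden_mail_filter": mail_filter if level is not None else None,
            "too_verbose": level is not None and level > MAX_RECOMMENDED,
        })
    return report

if __name__ == "__main__":
    for row in audit_mail_logging(CONFIG):
        print(row)
```
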
