03-01-2022 02:33 AM
When looking at the ASDM Real-Time Log Viewer I can see lots of connection build-ups and teardowns. I can filter them and find the connections that I look for. Everything fine here.
I want to see the very same output on my syslog server. But they don't show up. All I see there are messages that are NOT shown in the Real-Time Log Viewer. But these messages all come from the IP address of the Firepower device I look at with the ASDM.
What did I configure wrong?
In "Configuration - Device Management - Logging - Logging Filters" both the ASDM and the Syslog Servers are set to "Severity: Informational".
Of course logging is enabled in "Configuration - Device Management - Logging - Logging Setup".
This is reflected on the CLI:
# show run logging
logging enable
logging timestamp
logging trap informational
logging asdm informational
logging host 'interface' 'IP address'
#
Any help is highly appreciated.
03-01-2022 03:50 AM
- What happens if you change the logging levels from informational to debugging?
M.
03-01-2022 04:05 AM
Thank you for the suggestion, but it doesn't change the main problem.
I set both ASDM and Syslog Servers to "Debugging" and also enabled "Send debug messages as syslogs", but there are still no connection build-ups or teardowns in the syslog on the syslog server.
03-01-2022 08:04 AM
I have controlled the configuration and checked it against another similar machine from another customer. The configuration is fine.
It looks like the problem is a filter on the customer side. I might be able to confirm this tomorrow.
03-03-2022 12:30 AM
After spending a lot of time on this phenomenon, a colleague finally tells me that he had the same problem at another customer's site. The Firepower sends all the syslog messages, but they have a certain format that is dropped by the syslog server. The solution was to re-configure the syslog server to accept the message format.
I have asked our server admins to look into this, but haven't received an answer yet.
03-03-2022 05:35 AM
Ok, now it works as it should.
The solution was to delete the line
no logging host [interface name] [ip address of syslog server]
and then to add it again:
logging host [interface name] [ip address of syslog server]
And the syslog messages arrived at the syslog server again.
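Added example (not part of the thread and not Cisco tooling): a Python check to run over a capture of what the syslog server actually received, showing whether the connection build-up and teardown messages discussed above (ASA message IDs 302013 to 302016) arrive at all and whether each line carries a classic RFC 3164 header. The sample lines, addresses and the hostname fw01 are constructed, and the timestamp layout of the first three lines is an assumption about the device's output with `logging timestamp` set.

```python
import re
from collections import Counter

# ASA payload tag: %ASA-<severity>-<six-digit message id>: <text>
ASA_TAG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")
# Classic RFC 3164 header: <PRI>Mmm dd hh:mm:ss HOSTNAME ...
RFC3164 = re.compile(r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")
# ASA message IDs for connection build-up and teardown
CONNECTION_IDS = {"302013": "Built TCP", "302014": "Teardown TCP",
                  "302015": "Built UDP", "302016": "Teardown UDP"}

# Constructed sample capture (documentation addresses, hypothetical host fw01).
SAMPLE_LINES = [
    "<166>Mar 01 2022 02:33:10: %ASA-6-302013: Built outbound TCP connection 1001 "
    "for outside:203.0.113.10/443 (203.0.113.10/443) to inside:192.0.2.20/51000 (192.0.2.20/51000)",
    "<166>Mar 01 2022 02:33:12: %ASA-6-302014: Teardown TCP connection 1001 "
    "for outside:203.0.113.10/443 to inside:192.0.2.20/51000 duration 0:00:02 bytes 4312 TCP FINs",
    "<165>Mar 01 2022 02:33:15: %ASA-5-111008: User 'admin' executed the 'show run logging' command.",
    "<166>Mar  1 02:33:20 fw01 %ASA-6-302013: Built inbound TCP connection 1002 "
    "for outside:203.0.113.11/50000 (203.0.113.11/50000) to inside:192.0.2.21/22 (192.0.2.21/22)",
    "<13>Mar  1 02:33:21 host1 sshd[100]: session opened",
]

def triage(lines):
    """Summarise received lines: message IDs seen, connection events, header shape."""
    report = {"by_id": Counter(), "connection_events": 0,
              "non_rfc3164": 0, "no_asa_tag": 0}
    for line in lines:
        # Lines without the classic header are the ones a strict receiver may mishandle.
        if not RFC3164.match(line):
            report["non_rfc3164"] += 1
        tag = ASA_TAG.search(line)
        if tag is None:
            report["no_asa_tag"] += 1
            continue
        report["by_id"][tag["msgid"]] += 1
        if tag["msgid"] in CONNECTION_IDS:
            report["connection_events"] += 1
    return report

if __name__ == "__main__":
    result = triage(SAMPLE_LINES)
    print("connection build-up/teardown events:", result["connection_events"])
    print("lines without classic RFC 3164 header:", result["non_rfc3164"])
    for msgid, count in sorted(result["by_id"].items()):
        print(msgid, CONNECTION_IDS.get(msgid, "other"), count)
```

A result with zero connection events while other ASA message IDs are present matches the symptom in the first post; a high count of lines without the classic header points toward the receiver-side format explanation.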