
FPR-1140 doesn't send syslog messages seen in ASDM to server

When looking at the ASDM Real-Time Log Viewer I can see lots of connection build-ups and teardowns. I can filter them and find the connections that I look for. Everything fine here.

I want to see the very same output on my syslog server. But they don't show up. All I see there are messages that are NOT shown in the Real-Time Log Viewer. But these messages all come from the IP address of the Firepower device I look at with the ASDM.

What did I configure wrong?

 

In "Configuration - Device Management - Logging - Logging Filters" both the ASDM and the Syslog Servers are set to "Severity: Informational".

Of course logging is enabled in "Configuration - Device Management - Logging - Logging Setup".

This is reflected on the CLI:

# show run logging        
logging enable
logging timestamp
logging trap informational
logging asdm informational
logging host 'interface' 'IP address'
#

Any help is highly appreciated.

 

1 Accepted Solution


Ok, now it works as it should.

 

The solution was to delete the line

no logging host [interface name] [ip address of syslog server]

and then to add it again:

logging host [interface name] [ip address of syslog server]

And the syslog messages arrived at the syslog server again.


marce1000
VIP

 

 - What happens if you change the logging levels from informational to debugging?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

Thank you for the suggestion, but it doesn't change the main problem.

I set both ASDM and Syslog Servers to "Debugging" and also enabled "Send debug messages as syslogs", but there are still no connection build-ups or teardowns in the syslog on the syslog server.

I have controlled the configuration and checked it against another similar machine from another customer. The configuration is fine.

 

It looks like the problem is a filter on the customer side. I might be able to confirm this tomorrow.

After spending a lot of time on this phenomenon a colleague finally tells me that he had the same problem at another customer's site. The Firepower sends all the syslog messages, but they have a certain format that is dropped by the syslog server. The solution was to re-configure the syslog server to accept the message format.

I have asked our server admins to look into this, but haven't received an answer yet.
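
Added example, not part of the thread: a way to tell "the firewall is not sending" apart from "the server drops the format" is to capture the raw UDP datagrams with no format filtering and see how many a strict RFC 3164 header check would keep. The sample lines are constructed and modelled on ASA output with `logging timestamp` and no device ID; the message IDs 302013-302016 for connection build-up and teardown, the port 5514 and all function names are assumptions of this example.

```python
import re
import socket
from collections import Counter

PRI = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
# Strict RFC 3164 header: "Mmm dd hh:mm:ss HOSTNAME " (no year, hostname required)
RFC3164 = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ")
# Cisco message tag such as %ASA-6-302013 (mnemonic, severity, message ID)
TAG = re.compile(r"%([A-Z]+)-(\d)-(\d{6})")
# Assumed IDs for TCP/UDP connection built and teardown messages
CONN_IDS = {"302013", "302014", "302015", "302016"}

# Constructed sample datagrams (addresses are documentation ranges)
SAMPLE = [
    b"<166>Jan 15 2024 10:05:14: %ASA-6-302013: Built outbound TCP connection 1001 "
    b"for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.0.0.5/51000 (10.0.0.5/51000)",
    b"<166>Jan 15 2024 10:05:20: %ASA-6-302014: Teardown TCP connection 1001 "
    b"for outside:192.0.2.10/443 to inside:10.0.0.5/51000 duration 0:00:06 bytes 4096 TCP FINs",
    b"<166>Jan 15 10:05:21 fw01 %ASA-6-302013: Built outbound TCP connection 1002 "
    b"for outside:192.0.2.11/443 (192.0.2.11/443) to inside:10.0.0.6/51001 (10.0.0.6/51001)",
]

def classify(datagram: bytes) -> dict:
    """Decode one datagram: PRI fields, strict-header verdict, Cisco message ID."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = PRI.match(text)
    if not m or int(m.group(1)) > 191:
        return {"pri_ok": False, "rfc3164": False, "severity": None, "msg_id": None}
    pri, rest = int(m.group(1)), m.group(2)
    tag = TAG.search(rest)
    return {"pri_ok": True, "facility": pri >> 3, "severity": pri & 7,
            "rfc3164": bool(RFC3164.match(rest)),
            "msg_id": tag.group(3) if tag else None}

def report(datagrams) -> dict:
    """Count what arrived on the wire versus what a strict parser would keep."""
    c = Counter()
    for d in datagrams:
        r = classify(d)
        c["received"] += 1
        c["strict_rfc3164_ok"] += r["rfc3164"]
        c["conn_events"] += r["msg_id"] in CONN_IDS
    return dict(c)

def listen(port: int = 5514, count: int = 20) -> list:
    """Collect raw UDP datagrams without any format filtering."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        return [s.recvfrom(8192)[0] for _ in range(count)]

if __name__ == "__main__":
    print(report(SAMPLE))  # replace SAMPLE with listen() to inspect live traffic
```

If `received` grows while `strict_rfc3164_ok` stays at zero, the device is sending and the filtering is on the server side.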
