Logging facility 23

sv7 · ‎09-01-2021

Hi All,

Im facing an issue that logs are not going into my syslog server after enabling syslog logging facility equals to 23.

Can anyone help me regarding this what could be the problem

balaji.bandi · ‎09-01-2021

what device is this ?

Look at this thread :

https://community.cisco.com/t5/network-security/configure-syslog-logging-facility-is-equal-to-23/m-p/4438196

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sv7 · ‎09-01-2021

Hello Balaji,

Link you have shared shows how to enable logging facility. My query is i have enable logging facility but after that Asa stops sending logs to syslog server.

Device is Asa 5585-x

balaji.bandi · ‎09-02-2021

can you post the bit of Logging config (is that working before making facility change to 23 ?)

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sv7 · ‎09-02-2021

Hi Balaji,

Yes its working before enabling facility 23. Please find below my logging configuration

ogging enable
logging timestamp
logging standby
logging buffer-size 524288
logging buffered debugging
logging trap debugging
logging history debugging
logging asdm debugging
logging from-address xxx-security@xxx.com
logging recipient-address xxx@xxx.com level emergencies
logging facility 23
logging device-id hostname
logging host management 10.33.194.xxx
logging host INSIDE 10.33.194.xxx
logging host OUTSIDE 192.168.71.2 xx/50020

balaji.bandi · ‎09-02-2021

seems to be ok, what syslog server other side.

from ASA can you post show logging.

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sv7 · ‎09-12-2021

Hello Balaji,

will share after getting output from customer.

sv7 · ‎09-13-2021

Hi Balaji,

Pls find show logging output and help me if im missing anything that stops facility number 23 to stops syslogs messages to syslog server.

Note : I have reverted back to facility 20 as being facility 23 doesnt sends logs to syslog server.

ciscoasa# sh logging
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Hide Username logging: enabled
Standby logging: enabled
Debug-trace logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level debugging, 3139045287 messages logged
Trap logging: level debugging, facility 20, 12548354674 messages logged
Logging to management 10.33.194.207, UDP TX:2631712
Logging to INSIDE 10.33.194.xxx, UDP TX:2631710
Logging to INSIDE 10.33.194.xxx udp/50020, UDP TX:2631708
Logging to TASEC_SOC 192.168.71.x udp/50020, UDP TX:2631642 errors: 18 dropped: 64
Logging to OUTSIDE 192.168.71.x udp/50020, UDP TX:2631704
Logging to INSIDE 192.168.71.x udp/50020, UDP TX:2631702
Global TCP syslog stats::
NOT_PUTABLE: 0, ALL_CHANNEL_DOWN: 0
CHANNEL_FLAP_CNT: 0, SYSLOG_PKT_LOSS: 0
PARTIAL_REWRITE_CNT: 0
Permit-hostdown logging: disabled
History logging: level debugging, 3139045287 messages logged
Device ID: hostname "ciscoasa"
Mail logging: disabled
ASDM logging: level informational, 3025057869 messages logged

balaji.bandi · ‎09-14-2021

Looking at the Config, Looks ok,

Since default using UDP, Try using TCP when you setup Facility 23 (see if that works) - make sure syslog server also Listen on TCP.

Send Logging Information to a Syslog Server

logging host interface_name ip_address [tcp[/port] | udp[/port]] [format emblem]
logging trap severity_level
logging facility number

BB

=====️ Preenayamo Vasudevam ️=====

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

sv7 · ‎09-14-2021

Any help on this please