04-14-2013 11:26 PM - edited 03-11-2019 06:28 PM
I have two ASAs forming a cluster, and part of the configuration is below.
The hit count of this ACE is very, very large, so I would expect to receive a lot of logs on ASDM and the log server. However, I found that I receive only part of the logs, yes, PART of them. Say 100 packets hit this ACE; I receive only about 1 to 2 log entries.
I tried failing over, rebooting and upgrading, and none of it worked. I also plugged a log server directly into the ASA, but the problem remains the same.
access-list inside_access_in extended permit udp any any eq domain log
logging enable
logging console informational
logging buffered debugging
logging trap warnings
logging history informational
logging asdm informational
logging facility 22
logging host inside 1.1.1.1
Cisco Adaptive Security Appliance Software Version 8.2(5)
Device Manager Version 7.0(2)
04-16-2013 10:17 PM
Hello Wai,
Well, that is expected.
If you enter the log option without any arguments, you enable system log message 106100 at the default level (6) and for the default interval (300 seconds). See the following options:
•level—A severity level between 0 and 7. The default is 6.
•interval secs—The time interval in seconds between system messages, from 1 to 600. The default is 300. This value is also used as the timeout value for deleting an inactive flow.
•disable—Disables all access list logging.
•default—Enables logging to message 106023. This setting is the same as having no log option.
As you can see, there is an interval for each of the hits, so you can try to customize it as you want, but I mean, you already know it's being hit, so why should we waste CPU on this?
Remember to rate all of the helpful posts, that is as important as a thanks :d
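To reconcile the ACE hit count with the handful of 106100 entries that arrive, the following added example (not part of the original thread) sums the `hit-cnt` field per flow instead of counting log lines. The log lines are constructed, the line layout is assumed to follow the 106100 message format, and the name `summarize_106100` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (addresses, ports and hash codes are made up).
SAMPLE_LOG = """\
Apr 15 2013 10:00:01: %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.1.20(53124) -> outside/192.0.2.53(53) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Apr 15 2013 10:00:01: %ASA-6-302015: Built outbound UDP connection 4711 for outside:192.0.2.53/53 (192.0.2.53/53) to inside:10.1.1.20/53124 (10.1.1.20/53124)
Apr 15 2013 10:00:07: %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.1.30(40000) -> outside/192.0.2.53(53) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Apr 15 2013 10:05:01: %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.1.20(53124) -> outside/192.0.2.53(53) hit-cnt 99 300-second interval [0x1a2b3c4d, 0x0]
Apr 15 2013 10:05:07: %ASA-6-106100: access-list inside_access_in permitted udp inside/10.1.1.30(40000) -> outside/192.0.2.53(53) hit-cnt 12 300-second interval [0x1a2b3c4d, 0x0]
"""

# Assumed layout: access-list <acl> <action> <proto> <if>/<src>(<sport>) -> <if>/<dst>(<dport>) hit-cnt <n> ...
PATTERN = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?:permitted|denied|est-allowed) (?P<proto>\S+) "
    r"[^/\s]+/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"[^/\s]+/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+) \(?(?:first hit|\d+-second interval)"
)

def summarize_106100(text):
    """Return (number of 106100 entries, Counter of packets per flow)."""
    entries = 0
    packets = Counter()
    for line in text.splitlines():
        m = PATTERN.search(line)
        if m is None:
            continue  # other message IDs carry no hit-cnt field
        entries += 1
        flow = (m["acl"], m["proto"], m["src"], int(m["sport"]),
                m["dst"], int(m["dport"]))
        # Each entry stands for hit-cnt packets, not for one packet.
        packets[flow] += int(m["hits"])
    return entries, packets

if __name__ == "__main__":
    entries, packets = summarize_106100(SAMPLE_LOG)
    print(f"{entries} log entries account for {sum(packets.values())} packets")
    for flow, hits in packets.most_common():
        print(hits, flow)
```
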