Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
20
Helpful
5
Replies

"logging monitor debugging, logging buffered debugging..."

Go to solution
jmaxwellUSAF
VIP
VIP

‎02-07-2023 01:33 PM

Hello.

I'm trying to understand what this ASA5525 is logging, and to where.

May you please inform me what the below config lines mean?

If the below config lines mean debugging is presently on, shouldn't the below config be mostly removed to stop stress on the CPU? 

---

logging monitor debugging
logging buffered debugging
logging trap debugging
logging asdm debugging
logging class auth console debugging
logging class webvpn console debugging
logging class ssl console debugging

Thank you.

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎02-07-2023 02:12 PM - edited ‎02-07-2023 02:14 PM

@jmaxwellUSAF no debug logging, this should be used as an exception, for a short period and then disabled.

Best practice is disable logging to console/monitor, enable log buffer. Send logging information to syslog (if you have one).

View solution in original post

5 Replies 5

Go to solution
Rob Ingram
VIP
VIP

‎02-07-2023 01:39 PM

@jmaxwellUSAF that's bad, that configuration is providing debug to console, asdm gui, syslog and local log buffer, that'll likely crash the ASA.

Go to solution
jmaxwellUSAF
VIP
VIP
In response to Rob Ingram

‎02-07-2023 01:59 PM

Thank you.

All things being equal, if this was your ASA, what would your logging config look like?

0 Helpful

Go to solution
Rob Ingram
VIP
VIP
In response to jmaxwellUSAF

‎02-07-2023 02:12 PM - edited ‎02-07-2023 02:14 PM

@jmaxwellUSAF no debug logging, this should be used as an exception, for a short period and then disabled.

Best practice is disable logging to console/monitor, enable log buffer. Send logging information to syslog (if you have one).

Go to solution
MHM Cisco World
VIP
VIP

‎02-07-2023 01:59 PM

I initiate traffic from R1 to R2 and then use 
show conn  
and 
show lcoal-host 10.0.0.1 <<- R1

you can see there is Conn 

what I think is the traffic is not direct from ISR4K to ASA 
do in ISR4K
show ip route x.x.x.x longest <<- x.x.x.x is the destination 
check the egress interface is interface toward the ASA or not


Screenshot (271).pngScreenshot (272).png

Go to solution
jmaxwellUSAF
VIP
VIP

‎02-07-2023 02:15 PM - edited ‎02-07-2023 02:16 PM

Hi MHM. 

This is very helpful indeed. I am placing your text in my notes.

--I think you placed this in wrong thread.--

Anyway, I resolved that ticket-- real issue was NOT at network level-- it was application level, but strange problem was that I cleared the ACL issue mid-way into troubleshoot, but issue persisted= there was 2 issues= 1 network, then 1 application layer.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card