04-15-2013 10:30 AM - edited 03-11-2019 06:28 PM
Hi Everyone,
I need to check logs for a user PC IP in ASDM.
I am on the ASDM page that shows the real-time log viewer.
Under "Filter by" I put the user PC IP address and click on filter, and it shows blank?
Thanks
Mahesh
04-15-2013 10:51 AM
Hi,
It usually either means that the user's connection isn't reaching the ASA
OR
Your firewall ASDM logging level isn't high enough
Usually I have the ASDM logging level as "informational"
If you check the logging configuration on the CLI you can use the command "show run logging"
And see that "logging asdm informational" is included in the output. If not you will need to add it.
Though you should be able to define it before opening the log window on the ASDM also.
- Jouni
04-15-2013 11:11 AM
Hi Jouni.
I ran the command sh run logging
It shows logging asdm critical.
On ASDM it shows
logging level debugging
Is there a command I can use to check the logs while I am on the ASA by SSH?
Thanks
Mahesh
04-15-2013 11:26 AM
Hello
With logging level debugging you are basically logging everything
While connected via SSH
do a show logging | include x.x.x.x (the IP address of the host you want to check)
04-15-2013 11:40 AM
Hi Julio,
Did that, nothing comes back.
Also can you tell me the difference between
when I run the command on the CLI sh run logging
it says logging asdm critical.
When I log in to the device using ASDM it says logging level debugging?
So what is the ASDM logging level, is it critical or debugging?
Thanks
Mahesh
04-15-2013 11:43 AM
Okay,
Do the following
logging buffered debugging
Then clear logging
and finally
show logging | include x.x.x.x
04-15-2013 11:40 AM
Hi,
If you have a high amount of traffic and not a large buffer configured then it will be pretty hard checking the logs on the SSH connection.
Using ASDM or a separate Syslog server is better in this case.
I would suggest configuring the "logging asdm informational" on the CLI and then checking the situation again on the ASDM logs.
- Jouni
04-16-2013 07:44 AM
Hi Jouni,
I was able to check the logs on the syslog server.
I have a few questions here
Can you please let me know when you say buffer size does this mean for logging to CLI? or ASDM?
Also can you tell me the difference between
when I run the command on the CLI sh run logging
it says logging asdm critical.
When I log in to the device using ASDM it says logging level debugging?
So what is the ASDM logging level, is it critical or debugging?
Thanks
Mahesh
04-16-2013 07:59 AM
Hi Mahesh,
With the buffer size I meant the setting which defines how many logs the ASA keeps in its buffer, which you can check on the CLI.
For example my setting in CLI format is this (Home ASA)
logging buffer-size 8192
This simply states how many bytes of logs are stored in the buffer of the ASA at any given time
ASA(config)# logging buffer-size ?
configure mode commands/options:
<4096-1048576> Specify logging buffer size in bytes
I think there is a separate setting for ASDM also but I have never had the need to touch that setting
Regarding the command "show run logging" in the CLI. I too have witnessed that the CLI configuration might have some different logging level than the one shown in the ASDM.
I have never gone into depth with the setting so I can't give you a 100% sure answer at the moment.
I would imagine the setting on the ASDM side refers to some setting that only applies to the ASDM session you have open.
I would also imagine that the setting you see in the CLI with "show run logging" is the setting that is statically configured to apply always.
Did you check the ASDM logging level on ASDM from the following menu
Configuration (Top Bar) -> Device Management (Bottom Left) -> Logging (Drop Down Menu) -> Logging Filters (Drop Down Menu)
- Jouni
04-16-2013 08:13 AM
Hi Jouni,
Did you check the ASDM logging level on ASDM from the following menu
Configuration (Top Bar) -> Device Management (Bottom Left) -> Logging (Drop Down Menu) -> Logging Filters (Drop Down Menu)
Yes, I checked this way.
Logging setup shows
Also when I click on logging I see on ASDM logging is enabled.
Logging to internal buffer
Buffer size is 4098
ASDM logging shows
QUEUE SIZE shows 100
Seems 100 is quite small.
Thanks a lot for answering the questions.
Best regards
Mahesh
Message was edited by: mahesh parmar
04-03-2020 03:53 PM
So there is absolutely no way to search logs in the GUI for a particular IP?
04-03-2020 08:53 PM
@jerryroy777 this thread is 7 years old.
Yes you can absolutely search the logs in the ASDM GUI for a specific endpoint IP address. However if the traffic isn't reaching the ASA in the first place you may not get any results in your search.
If I search in the ASDM Realtime log viewer and don't find what I think should be there, the next level of troubleshooting is to do a packet capture and look for the raw packets incoming. (Assuming I've confirmed my logging level is correct and that there are no logging filters in place)
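Added example (not part of any post in this thread): a small Python filter for ASA-format syslog lines collected on a syslog server, showing the two effects discussed above. A level of "critical" hides the severity-6 connection messages for a host, and a plain `include x.x.x.x` style match is a regular-expression substring match, so it also returns neighbouring addresses. The sample lines, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# ASA severity keywords (0-7) as used by "logging asdm <level>" / "logging buffered <level>".
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

# Message header: %ASA-<severity>-<message id>: <text>
ASA_MSG = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}): (?P<text>.*)")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample lines in ASA syslog format (documentation addresses, not real traffic).
SAMPLE = """\
Apr 15 2013 10:31:02: %ASA-6-302013: Built outbound TCP connection 4101 for outside:198.51.100.7/443 (198.51.100.7/443) to inside:192.0.2.1/51515 (192.0.2.1/51515)
Apr 15 2013 10:31:03: %ASA-4-106023: Deny tcp src inside:192.0.2.10/51600 dst outside:198.51.100.7/23 by access-group "inside_in" [0x0, 0x0]
Apr 15 2013 10:31:04: %ASA-6-302014: Teardown TCP connection 4101 for outside:198.51.100.7/443 to inside:192.0.2.1/51515 duration 0:00:01 bytes 1520 TCP FINs
Apr 15 2013 10:31:05: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.9/4444 to 192.0.2.1/3389 flags SYN on interface outside
""".splitlines()

def _ips(text):
    """Return the set of valid IPv4 addresses that appear as whole tokens in text."""
    out = set()
    for addr in IPV4.findall(text):
        try:
            out.add(ipaddress.ip_address(addr))
        except ValueError:
            pass  # e.g. 999.1.1.1 is not an address
    return out

def host_events(lines, host, level="debugging"):
    """(message id, severity) for lines that mention exactly `host` and pass `level`."""
    max_sev = LEVELS.index(level)
    target = ipaddress.ip_address(host)
    hits = []
    for line in lines:
        m = ASA_MSG.search(line)
        if m and int(m["sev"]) <= max_sev and target in _ips(m["text"]):
            hits.append((m["id"], int(m["sev"])))
    return hits

def naive_include(lines, pattern):
    """What a regex substring filter such as '| include x.x.x.x' would return."""
    return [line for line in lines if re.search(pattern, line)]

if __name__ == "__main__":
    print("critical:     ", host_events(SAMPLE, "192.0.2.1", "critical"))
    print("informational:", host_events(SAMPLE, "192.0.2.1", "informational"))
    print("naive matches:", len(naive_include(SAMPLE, "192.0.2.1")))
```

At "critical" only the severity-2 deny is left for 192.0.2.1, while "informational" also shows the connection build and teardown; the naive match additionally pulls in the line for 192.0.2.10.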