Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1522
Views
0
Helpful
5
Replies

sending logging messages to ftp server has stopped suddenly?

b.njjad
Level 1
Level 1

‎04-22-2013 12:10 PM - edited ‎03-11-2019 06:32 PM

hello all:

on ASA 5540 ,   i configured the logging setup as following :

loggin to the internal buffer :

buffer size 1048576 bytes

then i save the buffer to FTP server to save the log messages in continuosuly way

everything was working fine but suddenly sending the ftp traffic to FTP traffic has stopped suddenly

before in the live log viewer it was showing when ASA throws the ftp traffic to the ftp server but this stopped suddenly

nothing has changed in the ftp server setting (same username and password and the connectivity is there)

sending logging traffic to the ftp server came back just when i reboot the ASA.but this is not solution

anyone can help me please

Labels:
0 Helpful
5 Replies 5

Antonio Knox
Level 7
Level 7

‎04-22-2013 12:40 PM

You should set up a capture on the ASA to see what is going on (If you don't have a sniffer). Using ACL asacap and Capture name my-capture:

access-list asacap permit ip host asa-logging-ip-addr host ftp-server-ip-addr

access-list asacap permit ip host ftp-server-ip-addr host asa-logging-ip-addr

capture my-capture interface interface-facing-ftp-srv access-list asacap

This will tell you a lot more than I can (assuming you've reviewed your logging buffer for abnormalities).

0 Helpful

b.njjad
Level 1
Level 1
In response to Antonio Knox

‎04-23-2013 06:26 AM

thank you very much for your reply

actaully i am working on the ASA remotely using the ASDM so i can't see this directly from the command 

,there is capture wizard in ASDM ,

the question is in the wizard there is ingress(inside) and egress (outside)

assuming the FTP server located on the inside interface of the ASA ,what the ingress and egress interfaces should be,if i put the interface (inside) for the ingress,what i should put for the egress.

Best Regards

0 Helpful

Antonio Knox
Level 7
Level 7
In response to b.njjad

‎04-23-2013 07:02 AM

I'd do both ingress and egress on the outside interface.  This way, you will see the data in both directions from the same vantage point.  If you see the traffic coming in from the outside but nothing returning from the inside, then you know that the traffic is either being dropped by the ASA itself or something behind it.

0 Helpful

b.njjad
Level 1
Level 1
In response to Antonio Knox

‎04-23-2013 10:43 PM

Dear Antonio ;

thank you for reply ,

please note that in the capture wizard you can only select the interface Outside in either ingress or  egress .

so it is must to specify another interface .

0 Helpful

Antonio Knox
Level 7
Level 7
In response to b.njjad

‎04-24-2013 06:25 AM

basel,

Use ingress from the outside interface egress on inside interface.  My apologies, I don't use ASDM for captures, I opt for CLI, so I'm very unfamiliar with the process there.  I had to read up on it a minute ago.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card