Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1885
Views
0
Helpful
3
Replies

SYSLOG message

rahul.borah
Level 1
Level 1

‎02-01-2020 01:47 AM

HI Expert,

 

 I have a query regarding syslog message. In my cisco ASA firewall 5585X (9.1) remote syslog server ip is configured.  Regular basis syslog logs received by syslog server from ASA firewall aroung 3Lakh logs (level 6) per day but suddenly syslog msg count is increase to aroung 20 Lakh per day. Please guide how to troubleshoot the issue. And what are the common cause for this type of error.

 

Regards,

RB

Labels:
0 Helpful
3 Replies 3

RS_58556
Cisco Employee
Cisco Employee

‎02-01-2020 02:58 AM

Hi, 

 

First step would be see if you  the logging level for syslog (trap logging) has been changed (informational to debugging )

Secondly, any new ACLs implemented with log keyword (for which lot of hits are there)

Thirdly, check the syslog server to find any newer kind of logs you have started observing.

 

HTH

0 Helpful

rahul.borah
Level 1
Level 1
In response to RS_58556

‎02-01-2020 03:55 AM

HI HTH,

 

 Thakns for your reply.

I have checked step 1 and 2, both settings are looks good. Now i am waiting for all logs from the SOC team for troubleshooting.

One more query, is there any command for checking the count of syslog logs send to the remote syslog server in one day.

 

Regards,

RB

0 Helpful

RS_58556
Cisco Employee
Cisco Employee
In response to rahul.borah

‎02-01-2020 07:24 AM

That is not possible. The output of ‘show log’ would only show the total number of messages sent over until the counter is reset.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card