Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2674
Views
0
Helpful
3
Replies

Syslog messages coming from Standyby ASA ?

Ronald Nutter
Level 1
Level 1

‎04-22-2011 07:53 AM - edited ‎02-21-2020 04:19 AM

I have a pair of ASA's in Active/Standby configuration.  I noticed this morning that the secondary ASA is generating syslog messages when I dont think it should.  Here is the logging configuration -

logging enable
logging timestamp
logging buffer-size 1048576
logging console informational
logging buffered informational
logging trap informational
logging history critical
logging asdm critical
logging mail critical
logging host inside 10.1.4.12

This is the interface that syslog should be coming out of on the primary ASA -

interface GigabitEthernet0/1
description 10.1.85.0/24 Internal Interface
nameif inside
security-level 100
ip address 10.1.85.31 255.255.255.0 standby 10.1.85.32
ospf retransmit-interval 1
ospf hello-interval 1
ospf dead-interval 3

Cisco Adaptive Security Appliance Software Version 8.2(3)
Device Manager Version 6.3(4)

I ran the packet capture wizard on the secondary ASA and saw no syslog traffic coming from it.

Anybody else seen this ?

Ron

0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎04-22-2011 08:19 PM

Ron

I have done a couple pair of ASA in active standby and find that the standby is generating syslog messages. The syslog from the standby are mostly reflecting exchange of state information which seems appropriate. Perhaps you could post some examples of syslog from the standby that you think are not appropriate.

HTH

Rick

Sent from Cisco Technical Support iPhone App

HTH

Rick
0 Helpful

Ronald Nutter
Level 1
Level 1
In response to Richard Burts

‎04-25-2011 06:38 AM

Prior to upgrading to 8.2.3, I never saw any syslog messages come from the secondary server unless I failed over to the secondary.  In that case, I would see a series of messages that told me a failover was in progress.

We are bringing up a new syslog server and that is when I started noticing the messages that I hadnt seen before.

Here is a sample of what I am seeing - Apr 25 2011 08.33.35 %ASA-6-721018: (WebVPN-Secondary) Web VPN session for client user client user domain/user_name, IP 75.30.40.50 has been deleted.

Since the ASA the message is coming from is in secondary mode, I wouldnt expect any messages to be coming from it since it isnt really doing anything.

Ron

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Ronald Nutter

‎04-25-2011 12:34 PM

Ron

The message that you show us is part of what the ASA is doing to maintain state for all the VPN connections from the primary ASA. I see similar syslog messages from the standby unit in an ASA active/standby pair.

You say:"I wouldnt expect any messages to be coming from it since it isnt really doing anything." But the standby unit is really doing things. As a new session is established on the primary the secondary must process and retain that information. And when a session is discontinued on the primary then the standby must process that also and remove the session from the state table. If the standby were not busy doing these things then it would not be able to take over and process sessions correctly if the primary were to fail.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card