Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1090
Views
4
Helpful
1
Replies

Syslogs on ASA arent reaching the specified Syslog server

Craddockc
Level 3
Level 3

‎10-27-2014 11:25 AM - edited ‎02-21-2020 05:18 AM

Hello Community,

 

We have many branch sites that use Cisco ASA 5505 firewalls. I configured each of them to send syslog messages to a specified syslog server back at the HQ, as well as the local buffer. However, the syslog messages are not getting to the syslog server. The buffer is filling up fine. Ive checked and checked again my config. It seems fine but it could be incorrect. I also set up an ACL on the inside interface to see if the hitcount was incrementing, it is not. I can ping the syslog server just fine from the ASA. Unfortunately I am not quite sure how to continue troubleshooting this issue. The connectivity from the HQ to the Branch site is fine (MPLS WAN). I could not find any debug commands pertaining to syslogs on the ASA otherwise I would have tried that. I have posted my ASA config below. Ive ommitted the IP's for security reasons but rest assured they are correct.

 

Also, I had a question about the port #'s. On the config guide it states the following: Valid port values for either protocol are 1025 through 65535. The default UDP port is 514. The default TCP port is 1470. So if the valid port values are 1025-65535 and the deault UDP port # is 514, how is it a valid port value? Thats confusing.

 

Any help is appreciated. Thanks.

 

 

interface Ethernet0/0
 description *** WAN ***
 switchport access vlan 30
!
interface Ethernet0/1
 switchport access vlan 30
!
interface Ethernet0/2
 switchport access vlan 30
!
interface Ethernet0/3
 switchport access vlan 30
!
interface Ethernet0/4
 switchport access vlan 30
!            
interface Ethernet0/5
 switchport access vlan 30
!
interface Ethernet0/6
 switchport access vlan 30
!
interface Ethernet0/7
 switchport access vlan 30
!
interface Vlan1
 shutdown
 no nameif
 security-level 100
 no ip address
!
interface Vlan2
 shutdown
 no nameif
 security-level 0
 ip address dhcp setroute
!
interface Vlan30
 description *** Security ***
 nameif inside
 security-level 100
 ip address x.x.x.x x.x.x.x
!
ftp mode passive
dns server-group DefaultDNS
 domain-name ptbcorp.com
object network obj_any
 subnet 0.0.0.0 0.0.0.0
access-list SYSLOG extended permit udp any host x.x.x.x eq syslog log
access-list SYSLOG extended permit ip any any
pager lines 24
logging enable
logging timestamp
logging buffer-size 64000
logging buffered notifications
logging asdm informational
logging host inside x.x.x.x
mtu inside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
access-group SYSLOG out interface inside
route inside 0.0.0.0 0.0.0.0 x.x.x.x 1
route inside x.x.x.x x.x.x.x. x.x.x.x
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ (inside) host x.x.x.x
 key *****
user-identity default-domain LOCAL
aaa authentication http console TACACS+ LOCAL
aaa authentication ssh console TACACS+ LOCAL
aaa accounting ssh console TACACS+
aaa accounting enable console TACACS+
http server enable
snmp-server host inside x.x.x.x community ***** version 2c
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh version 2
console timeout 0

dhcpd auto_config inside
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username admin password J/c7mHEjJuMcq5a7 encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny 
  inspect sunrpc
  inspect xdmcp
  inspect sip 
  inspect netbios
  inspect tftp
  inspect ip-options
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
Cryptochecksum:369568d8c9448c3fe5a68bd47ffbca46
: end
 

BR203-FW# ping x.x.x.x
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.x, timeout is 2 seconds:
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms

 

access-list SYSLOG; 2 elements; name hash: 0xd8887163
access-list SYSLOG line 1 extended permit udp any host x.x.x.x eq syslog log informational interval 300 (hitcnt=0) 0xa16f9279
access-list SYSLOG line 2 extended permit ip any any (hitcnt=0) 0x11a4b6d2

 

 

 

0 Helpful
1 Reply 1

Craddockc
Level 3
Level 3

‎10-27-2014 12:26 PM

Community,

 

I believe I found my problem. I failed to enter the "Logging Trap Notifications" command. Without this, the ASA had defaulted to filtering all notifications.

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card