
Cisco ASA not sending logs to a syslog server

Alex.kushnarev
Level 1

Hi team,

For some reason my Cisco ASA stopped sending logs to the syslog server. I have tried to disable and enable the logging again, and removed the syslog server from the ASDM and added it again using the logging host command, but still nothing. When I run the sh logging command it doesn't show me the syslog host, even though I can see that it was added to the syslog server in the ASDM.

logging conf:

Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Hide Username logging: disabled
    Standby logging: disabled
    Debug-trace logging: enabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: disabled
    Permit-hostdown logging: disabled
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 4637 messages logged

logging queue:

Logging Queue length limit : 512 msg(s)
0 msg(s) discarded due to queue overflow
0 msg(s) discarded due to memory allocation failure
Current 0 msg on queue, 276 msgs most on queue

Any help will be appreciated.

Alex.

7 Replies

balaji.bandi
Hall of Fame

Make sure you have an access rule on the right interface that allows UDP/TCP port 514 to reach the syslog server.

BB


Hi Balaji,

The issue is that the ASA did send logs to the syslog server and stopped doing so after a restart (ASAv).

Alex.

Cristian Matei
VIP Alumni

Hi,

 

    What is the output of "show run logging"? What is the IP address of your syslog server and how does the ASA route towards it, out which interface?

 

Regards,

Cristian Matei.

shaun
Level 1

I have recently run into the same issue. Syslog entries were not being sent to the remote host until I included the config line "logging trap <x>", where <x> is the logging level, i.e. warning/notification/emergency.

Hi, I know this was asked one year ago, but I stumbled upon it while looking for an answer to a different problem.

Anyway, in the provided output you can see this line:

Trap logging: disabled

"Trap logging" is the code for logging to the syslog server.
Add "logging trap informational" to your config and make sure you have a valid syslog server address configured with "logging host 'interface name' 'syslog server ip address'".
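The check described in the replies above, as an added example that is not part of the original posts: a small Python audit that reads "show logging" status text and "show run logging" config text and reports what is missing for remote syslog. The function names, the sample inputs and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed inputs modelled on the outputs quoted in this thread.
SHOW_LOGGING = """Syslog logging: enabled
    Facility: 20
    Trap logging: disabled
    ASDM logging: level informational, 4637 messages logged
"""
RUN_BROKEN = """logging enable
logging timestamp
logging asdm informational
"""
# 192.0.2.10 is a documentation address standing in for the syslog server.
RUN_FIXED = RUN_BROKEN + """logging trap informational
logging host management 192.0.2.10
"""

def parse_status(show_logging):
    """Turn the 'Name: value' lines of 'show logging' into a dict."""
    status = {}
    for line in show_logging.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep:
            status[name.strip().lower()] = value.strip()
    return status

def audit(show_logging, run_logging):
    """Return reasons why this ASA would not send syslog to a remote host."""
    findings = []
    status = parse_status(show_logging)
    cfg = [l.strip() for l in run_logging.splitlines()]
    if status.get("trap logging", "").startswith("disabled"):
        findings.append("show logging reports trap logging disabled")
    if "logging enable" not in cfg:
        findings.append("missing 'logging enable'")
    if not any(re.match(r"logging trap \S+", l) for l in cfg):
        findings.append("missing 'logging trap <level>'")
    if not any(re.match(r"logging host \S+ \S+", l) for l in cfg):
        findings.append("missing 'logging host <interface> <ip>'")
    return findings

if __name__ == "__main__":
    for finding in audit(SHOW_LOGGING, RUN_BROKEN):
        print("FINDING:", finding)
```

Running the same audit after every reload or config push catches the case from this thread, where logging worked before a restart and the trap and host lines were gone afterwards.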

Mehrzad Sharifi
Level 1

Hi, I have a problem. My ASA firewall doesn't send traffic to the syslog server on UDP 514. However, it seems to work on other ports, because I can see the Check Point firewall showing the flow, as it is the next hop.
I increased the size to 1024 and reloaded the device; it didn't help. Just the drops disappeared. Can somebody help, please?
Here is the config:
logging enable
logging timestamp
no logging hide username
logging buffer-size 1048576
logging asdm-buffer-size 512
logging monitor informational
logging buffered debugging
logging trap informational
logging history informational
logging asdm emergencies
logging queue 1024
logging device-id hostname
logging host management x.x.x.x.
logging host management x.x.x.x.
logging debug-trace
logging flash-minimum-free 3076
logging flash-maximum-allocation 51200

----------

Logging Queue length limit : 1024 msg(s)
0 msg(s) discarded due to queue overflow
0 msg(s) discarded due to memory allocation failure
Current 0 msg on queue, 976 msgs most on queue
---------------
capture shows the packet is being sent:
1: 14:51:12.826754 0050.56ab.21cd 0050.569c.0624 0x0800 Length: 345
ASA Firewall ip.514 > 1st syslog server.514: [udp sum ok] udp 303 (ttl 255, id 32544)
2: 14:51:12.826754 0050.56ab.21cd 0050.569c.0624 0x0800 Length: 345
ASA Firewall ip.514 > 2st syslog server.514: [udp sum ok] udp 303 (ttl 255, id 4313)

___________________
Cisco Adaptive Security Appliance Software Version 9.16(2)14
SSP Operating System Version 2.10(1.182)
Device Manager Version 7.17(1)152
REST API Agent Version 7.16.1.75


Please make a new post and ask your question; that way everyone can see it and answer you.