06-10-2007 05:45 PM - edited 03-09-2019 06:09 PM
Dear Sirs,
First, I'm not bilingual, so please excuse my English.
Sending System Log Messages to a Syslog Server
If you specify TCP, the security appliance discovers when the syslog server fails and discontinues sending logs.
Is a function for sending the syslog messages again provided?
Best regards,
06-10-2007 10:22 PM
You will have to rekey the command.
(See the URL below.)
After the Syslog service is restored, you have to reconfigure the TCP Syslog connection manually by entering the logging host if_name ip_address tcp/port configuration command.
I guess the best option is to configure 2 syslog servers.
##################
http://www.ciscopress.com/articles/article.asp?p=424447&seqNum=2&rl=1
##################
In fact, the TCP Syslog method is designed to be so reliable that the connection closes if the Syslog server becomes unavailable or if its logging storage becomes full. At this point, the firewall immediately stops forwarding traffic and generates a "201008: The PIX is disallowing new connections" message. You can also see this with the show logging command, as in the following example. Notice that TCP Syslog is still configured to use the Syslog server but is shown as disabled:
Firewall# show logging
Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Standby logging: disabled
Console logging: disabled
Monitor logging: disabled
Buffer logging: level informational, 716 messages logged
Trap logging: level informational, 162 messages logged
Logging to inside 172.21.4.1 tcp/1470 disabled
History logging: disabled
Device ID: hostname "Firewall"
If this condition occurs, check the Syslog server and determine the source of the problem. After the Syslog service is restored, you have to reconfigure the TCP Syslog connection manually by entering the logging host if_name ip_address tcp/port configuration command.
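Added example (not part of the original posts and not Cisco code): a Python check that parses `show logging` output in the format quoted above, flags TCP Syslog hosts shown as disabled, and builds the `logging host` command to re-enter for each. The second host line in the sample is constructed, and the function names are hypothetical.

```python
import re

# Host line format as shown in the quoted output:
#   "Logging to inside 172.21.4.1 tcp/1470 disabled"
# Assumption: a host line without the trailing "disabled" is an active destination.
HOST_LINE = re.compile(
    r"^\s*Logging to (?P<ifname>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"(?P<proto>tcp|udp)/(?P<port>\d+)(?: (?P<state>disabled))?\s*$",
    re.IGNORECASE,
)

# "show logging" output from the thread, plus one constructed UDP host line.
SAMPLE = """Syslog logging: enabled
Facility: 20
Timestamp logging: enabled
Trap logging: level informational, 162 messages logged
Logging to inside 172.21.4.1 tcp/1470 disabled
Logging to inside 172.21.4.2 udp/514
History logging: disabled
Device ID: hostname "Firewall"
"""

def parse_syslog_hosts(show_logging):
    """Return one dict per 'Logging to ...' host line found in the output."""
    hosts = []
    for line in show_logging.splitlines():
        m = HOST_LINE.match(line)
        if m is None:
            continue  # not a host line (e.g. "History logging: disabled")
        hosts.append({
            "ifname": m.group("ifname"),
            "ip": m.group("ip"),
            "proto": m.group("proto").lower(),
            "port": int(m.group("port")),
            "disabled": m.group("state") is not None,
        })
    return hosts

def rekey_commands(show_logging):
    """Build the 'logging host' command for every disabled TCP Syslog host."""
    return [
        f"logging host {h['ifname']} {h['ip']} tcp/{h['port']}"
        for h in parse_syslog_hosts(show_logging)
        if h["proto"] == "tcp" and h["disabled"]
    ]

if __name__ == "__main__":
    for cmd in rekey_commands(SAMPLE):
        print("TCP Syslog host disabled; after the server is restored, re-enter:", cmd)
```

Run it against output collected on a schedule so a disabled TCP Syslog destination is noticed before logs are missed for long.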
06-11-2007 02:08 AM
Thank you very much for your help.
When the trouble occurs, is the switch made smoothly, without loss of packets?
Sincerely,
06-11-2007 02:15 AM
If the ASA is not able to log to the primary and you are using TCP for Syslog, then the ASA will automatically try to log to the 2nd syslog server. There will not be packet loss since we are using TCP.
In case of UDP, the logging will continue to happen despite the Syslog server going down (it will be sending messages, but to no use since the Syslog is down).