Solved: ASA 5520 Logging Help!!!

Eddie.brown1986 · ‎11-05-2012

Hello Folks,

I am running two ASA 5520 routers synched up with eachother. I had a massive connectivity issue this weekend that I am investigating. Now I have figured out how to get the live logging but I need to know how to get the old logs from my router.

Also I am looking to set up a log dump that could happen daily or perhaps weekly. Does anyone have any experience with this?

Thanks,

Eddie

John Blakley · ‎11-05-2012

The logs overwrite if they fill the buffer space that's allocated for it. If you didn't offload them to a syslog server already, then you won't be able to get them back if they've already overwritten.

To offload in the future, you can configure a syslog server like the following:

logging enable

logging timestamp

logging list VPNLIST message 713119-713120

logging list VPNLIST message 113019

logging buffer-size 100000

logging monitor debugging

logging buffered debugging

logging trap VPNLIST

logging asdm informational

logging facility 23

logging device-id hostname

logging host Inside x.x.x.x

The VPNLIST are the allowed messages that the ASA will send to the syslog server. If you want all of them, don't do the "logging trap VPNLIST" line. I'll warn you that it's a lot of data that gets sent to the syslog server if you don't filter the ones that you want specifically.

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎11-06-2012

Logging history has to do with snmp servers. The only way to see "old" logs is the "show log" command and then you'll only be able to see them if they haven't been overwritten in the buffer.

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎11-05-2012

The logs overwrite if they fill the buffer space that's allocated for it. If you didn't offload them to a syslog server already, then you won't be able to get them back if they've already overwritten.

To offload in the future, you can configure a syslog server like the following:

logging enable

logging timestamp

logging list VPNLIST message 713119-713120

logging list VPNLIST message 113019

logging buffer-size 100000

logging monitor debugging

logging buffered debugging

logging trap VPNLIST

logging asdm informational

logging facility 23

logging device-id hostname

logging host Inside x.x.x.x

The VPNLIST are the allowed messages that the ASA will send to the syslog server. If you want all of them, don't do the "logging trap VPNLIST" line. I'll warn you that it's a lot of data that gets sent to the syslog server if you don't filter the ones that you want specifically.

HTH,

John

HTH, John *** Please rate all useful posts ***

Eddie.brown1986 · ‎11-05-2012

I understand all of those commands, which one of those specifies the older logging information. What does the logging historycommand do? I have had my other router in standby for the last few days so I am trying to retrieve the logs off of it.

I have only ben successful in receiveing logs from a live router so far.

John Blakley · ‎11-06-2012

Logging history has to do with snmp servers. The only way to see "old" logs is the "show log" command and then you'll only be able to see them if they haven't been overwritten in the buffer.

HTH, John *** Please rate all useful posts ***

Eddie.brown1986 · ‎11-06-2012

Thank you very much for your help. I appreciate your time.