cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
503
Views
20
Helpful
12
Replies

ASA logging issue

mze
Beginner
Beginner

We are unable to get the logging information on this below mentioned devices.

 

3 Accepted Solutions

Accepted Solutions

we understand that,  try below what is the outcome, does the syslog server reachable to ASA 10.1.1.1

 

no logging host Inside 10.1.1.1. 17/10516

logging host Inside 10.1.1.1

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Georg Pauwen
VIP Master VIP Master
VIP Master

Hello,

 

which syslog server are you using ? It might not understand facility 16 - 23. Try and remove

logging facility 22

from the configuration.

View solution in original post

paul driver
VIP Expert VIP Expert
VIP Expert

Hello
Suggest also to decrease your logging queue, so the asa wont discard so many if it cannot handle them due to such a large queue size.and also reset the logging port to udp 514, test again

 

llogging host inside x.x.x.x udp 514
logging queue 100

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

12 Replies 12

johnd2310
Collaborator
Collaborator

Hi,

 

What is your logging configuration?

 

Thanks

John

**Please rate posts you find helpful**

balaji.bandi
VIP Guru VIP Guru
VIP Guru

where you not seeing logs ? or sending logs to syslog ?

 

check below document for reference ;

 

https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

mze
Beginner
Beginner

logging issue 

logging host Inside 10.1.1.1. 17/10516

what you mean in red color your point of view ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

logging issue  

 

                                  - >... logging host Inside 10.1.1.1. 17/10516 

 As far as I understand  it the arguments following IP address of the syslog server should denote Protocol/Port-number. Protocol refers to UDP or TCP.

 M.

Hey, 

 

As per my understanding you're trying to send SYSLOGs to the external SYSLOG server. Questions that come to my mind:

1) Is there end-to-end connectivity between ASA(s) and SYSLOG server?

2) Can the traffic be policy-dropped (f.e. ACL, another firewall etc.) before reaching the server?

 

You can refer to this documentation file: https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc6

thanks 

we understand that,  try below what is the outcome, does the syslog server reachable to ASA 10.1.1.1

 

no logging host Inside 10.1.1.1. 17/10516

logging host Inside 10.1.1.1

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen
VIP Master VIP Master
VIP Master

Hello,

 

which syslog server are you using ? It might not understand facility 16 - 23. Try and remove

logging facility 22

from the configuration.

I think the suggestion about logging facility is a good one. I also wonder about the use of a non standard protocol port number for the syslog messages. Are you sure that the syslog server is looking for port 10516?

HTH

Rick

paul driver
VIP Expert VIP Expert
VIP Expert

Hello
Suggest also to decrease your logging queue, so the asa wont discard so many if it cannot handle them due to such a large queue size.and also reset the logging port to udp 514, test again

 

llogging host inside x.x.x.x udp 514
logging queue 100

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers