03-18-2022 02:58 AM - edited 05-02-2022 03:40 AM
We are unable to get the logging information on the below-mentioned devices.
03-18-2022 03:08 AM
Hi,
What is your logging configuration?
Thanks
John
03-18-2022 03:17 AM
Where are you not seeing logs? Or sending logs to syslog?
Check the document below for reference:
03-18-2022 08:45 AM - edited 05-02-2022 03:41 AM
logging issue
03-18-2022 09:36 AM - edited 05-02-2022 03:42 AM
logging issue
03-18-2022 09:46 AM - last edited on 03-21-2022 12:54 PM by Translator
- >... logging host Inside 10.1.1.1. 17/10516
As far as I understand it, the arguments following the IP address of the syslog server should denote protocol/port number. Protocol refers to UDP or TCP.
M.
03-18-2022 09:48 AM
Hey,
As per my understanding you're trying to send SYSLOGs to the external SYSLOG server. Questions that come to my mind:
1) Is there end-to-end connectivity between ASA(s) and SYSLOG server?
2) Can the traffic be policy-dropped (e.g. ACL, another firewall etc.) before reaching the server?
You can refer to this documentation file: https://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html#anc6
03-18-2022 10:01 AM - edited 05-02-2022 03:42 AM
thanks
03-18-2022 10:46 AM - last edited on 03-21-2022 12:55 PM by Translator
03-18-2022 09:44 AM
logging host Inside 10.1.1.1. 17/10516
What do you mean by the part in red color, from your point of view?
03-19-2022 10:23 AM - last edited on 03-21-2022 12:56 PM by Translator
Hello,
Which syslog server are you using? It might not understand facility 16 - 23. Try and remove
logging facility 22
from the configuration.
03-19-2022 11:06 PM
I think the suggestion about logging facility is a good one. I also wonder about the use of a non-standard protocol port number for the syslog messages. Are you sure that the syslog server is looking for port 10516?
03-19-2022 11:59 PM - last edited on 03-21-2022 12:57 PM by Translator
Hello
Suggest also to decrease your logging queue, so the ASA won't discard so many if it cannot handle them due to such a large queue size. And also reset the logging port to UDP 514 and test again.
logging host inside x.x.x.x udp/514
logging queue 100
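To check on the syslog server side whether the ASA's datagrams arrive on the configured port and which facility they carry, a small receiver like the following can help. It is an added example, not part of any reply in this thread; the default port 10516 is taken from the thread's `17/10516`, and the sample message is constructed.

```python
import re
import socket

# Syslog facility codes 16-23 are local0-local7, so the ASA's
# "logging facility 22" means local6. PRI = facility * 8 + severity.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")


def decode_pri(datagram: bytes):
    """Return (facility_number, facility_name, severity_name), or None if no valid PRI."""
    m = PRI_RE.match(datagram)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # 23 * 8 + 7 is the highest valid PRI
        return None
    facility, severity = divmod(pri, 8)
    name = f"local{facility - 16}" if facility >= 16 else f"facility{facility}"
    return facility, name, SEVERITIES[severity]


def listen(port: int = 10516, count: int = 5, timeout: float = 30.0):
    """Receive up to `count` UDP datagrams on `port`; return sender, decoded PRI, first bytes."""
    seen = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        s.settimeout(timeout)
        try:
            while len(seen) < count:
                data, (src, _) = s.recvfrom(8192)
                seen.append((src, decode_pri(data), data[:80]))
        except socket.timeout:
            pass  # nothing (more) arrived: check routing, ACLs and the port on both ends
    return seen


# Constructed sample message, not captured from the poster's devices.
SAMPLE = b"<180>Mar 19 2022 10:23:01: %ASA-4-106023: Deny tcp src outside:192.0.2.10/4444 dst inside:10.1.1.1/22"

if __name__ == "__main__":
    print("sample:", decode_pri(SAMPLE))
    for src, pri, head in listen():
        print(src, pri, head)
```

An empty result from `listen()` points at connectivity or a port mismatch; datagrams that arrive with facility `local6` but never show up in the server's logs point at the server's facility handling.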