06-17-2018 06:26 PM - edited 03-05-2019 10:36 AM
Hi
My logs are being received to my syslog server as per below message:
2018-05-29T12:24:18+10:00 notice May 29 2018 12:24:17 AEST: %C4K_REDUNDANCY-5-CONFIGSYNC: The private-config has been successfully synchronized to the standby supervisor
I need to remove the YEAR and the TIMEZONE as highlighted in RED bold text.
Messages should look like this as from my other cisco infrastrcuture
2018-05-29T04:59:20+10:00 err May 28 18:59:19.909: %LINK-3-UPDOWN: Interface GigabitEthernet2/0/38, changed state to up
Could someone tell me what commands I need to run to adjust syslog messages to remove YEAR and TIMEZONE?
thanks
Dom
Solved! Go to Solution.
06-17-2018 06:45 PM - edited 06-17-2018 07:00 PM
Hi,
Do you have the following configured on your switch:
service timestamps log datetime msec localtime show-timezone year
you need to remove show-timezone year
just enter the following:
service timestamps log datetime localtime msec
Thanks
John
11-24-2019 04:39 PM
Hi,
Do you have the following in your running config:
logging timestamp rfc5424
if so, then try changing that to:
logging timestamp
Thanks
John
06-17-2018 06:45 PM - edited 06-17-2018 07:00 PM
Hi,
Do you have the following configured on your switch:
service timestamps log datetime msec localtime show-timezone year
you need to remove show-timezone year
just enter the following:
service timestamps log datetime localtime msec
Thanks
John
06-17-2018 08:41 PM
10-16-2019 12:16 AM
Hi,
We have same issue on Cisco ASA firewall in which GMT timezone is showing but we don't want and trying to remove.
Can anyone have idea to remove timezone from logs?
For your reference:
6167>:Oct 16 06:44:22 GMT: %ASA-session-7-609001: Built local-host Outside_Internet:52.56.180.221
<166>:Oct 16 06:44:22 GMT: %ASA-session-6-302020: Built inbound ICMP connection for faddr 52.56.180.221/26 gaddr 167.4.1.9/0 laddr 167.4.1.9/0 type 8 code 0
<166>:Oct 16 06:44:22 GMT: %ASA-session-6-302021: Teardown ICMP connection for faddr 52.56.180.221/26 gaddr 167.4.1.9/0 laddr 167.4.1.9/0 type 8 code 0
<167>:Oct 16 06:44:22 GMT: %ASA-session-7-609002: Teardown local-host Outside_Internet:52.56.180.221 duration 0:00:00
Logging configuration on ASA:
sh running-config logging
logging enable
logging timestamp
no logging hide username
logging standby
logging emblem
logging buffer-size 29999
logging buffered debugging
logging trap informational
logging asdm debugging
logging device-id hostname
logging host management 164.129.1.24
logging host management 167.4.16.30
Regards
Ashutosh
10-17-2019 05:07 PM
Hi
What is the model and software version of the ASA firewall?
Thanks
John
11-14-2019 10:30 PM
Hi John,
Requested information below:
Cisco Adaptive Security Appliance Software Version 9.10(1)22
Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)
Thanks in advance for helping out.
Warm Regards,
11-21-2019 10:52 PM
Hi Jon, all,
Can someone kindly help regarding this?
Regards
11-24-2019 04:39 PM
Hi,
Do you have the following in your running config:
logging timestamp rfc5424
if so, then try changing that to:
logging timestamp
Thanks
John
12-11-2019 08:21 AM
Anyone else having this issue with their ASA firewall? The above has not resolved my issues.
Cisco Adaptive Security Appliance Software Version 9.10(1)11
Firepower Extensible Operating System Version 2.4(1.227)
Device Manager Version 7.10(1)
Hardware Model: 5516X
I have all logging going to a syslog server. All logs for this device are going to the correct folder and are displaying correct EXCEPT for any ASA-6-302010 log entries. These log entries omit the hostname from the log message, changes it to UTC and thinks that is it's hostname (which makes the messages log to a separate folder named UTC instead of ASAHOSTNAME where the remaining log entries write to)
This shows up in #show log on the ASA:
Dec 11 2019 15:51:03 ASAHOSTNAME : %ASA-6-302010: 130 in use, 877 most used
This shows up on the syslog server:
Dec 11 15:51:03 UTC 172.16.2.229 : %ASA-6-302010: 130 in use, 877 most used
This is how it SHOULD show up on the syslog server:
Dec 11 15:51:03 ASAHOSTNAME 172.16.2.229 %ASA-6-302010: 123 in use, 855 most used
This is my logging config:
logging enable
logging timestamp
logging buffer-size 100000
logging buffered informational
logging trap informational
logging history emergencies
logging device-id hostname
logging host inside 172.16.40.19
logging host inside 172.16.40.19
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 106017
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
logging message 622001 level emergencies
12-30-2019 10:14 AM
What was the solution to remove the "Year" from the syslog logging message generated by an ASA firewall?
Is this possible?
If I understand correctly the syslog is based on the "Real-Time Log view which has the columns "Severtity", "Data" (Year to be remove), "Time", "Syslog ID", "Source IP", "Destination IP", "Destination Port" and " Description"
Steve
01-15-2020 04:20 AM
Hi All,
In our case it was a bug on version 9.10 , CSCvp72412
We upgraded to 9.12 to fix the issue.
HTH.
01-15-2020 04:21 AM
9.10 has bug CSCvp72412
Upgrade to fix version will resolve the issue.
HTH
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: