Hi,

We have same issue on Cisco ASA firewall in which GMT timezone is showing but we don't want and trying to remove.

Can anyone have idea to remove timezone from logs?

For your reference:

6167>:Oct 16 06:44:22 GMT: %ASA-session-7-609001: Built local-host Outside_Internet:52.56.180.221
<166>:Oct 16 06:44:22 GMT: %ASA-session-6-302020: Built inbound ICMP connection for faddr 52.56.180.221/26 gaddr 167.4.1.9/0 laddr 167.4.1.9/0 type 8 code 0
<166>:Oct 16 06:44:22 GMT: %ASA-session-6-302021: Teardown ICMP connection for faddr 52.56.180.221/26 gaddr 167.4.1.9/0 laddr 167.4.1.9/0 type 8 code 0
<167>:Oct 16 06:44:22 GMT: %ASA-session-7-609002: Teardown local-host Outside_Internet:52.56.180.221 duration 0:00:00

Logging configuration on ASA:

sh running-config logging
logging enable
logging timestamp
no logging hide username
logging standby
logging emblem
logging buffer-size 29999
logging buffered debugging
logging trap informational
logging asdm debugging
logging device-id hostname
logging host management 164.129.1.24
logging host management 167.4.16.30

Regards

Ashutosh
 

Hi

What is the model and software version of the ASA firewall?

Thanks

John

Hi John,

Requested information below:

Cisco Adaptive Security Appliance Software Version 9.10(1)22

Hardware: ASA5516, 8192 MB RAM, CPU Atom C2000 series 2416 MHz, 1 CPU (8 cores)

Thanks in advance for helping out.

Warm Regards,

Hi Jon, all,

Can someone kindly help regarding this?

Regards

Anyone else having this issue with their ASA firewall? The above has not resolved my issues.

Cisco Adaptive Security Appliance Software Version 9.10(1)11
Firepower Extensible Operating System Version 2.4(1.227)
Device Manager Version 7.10(1)

Hardware Model: 5516X

I have all logging going to a syslog server. All logs for this device are going to the correct folder and are displaying correct EXCEPT for any ASA-6-302010 log entries. These log entries omit the hostname from the log message, changes it to UTC and thinks that is it's hostname (which makes the messages log to a separate folder named UTC instead of ASAHOSTNAME where the remaining log entries write to)

This shows up in #show log on the ASA:

Dec 11 2019 15:51:03 ASAHOSTNAME : %ASA-6-302010: 130 in use, 877 most used

This shows up on the syslog server:

Dec 11 15:51:03 UTC 172.16.2.229 : %ASA-6-302010: 130 in use, 877 most used

This is how it SHOULD show up on the syslog server:

Dec 11 15:51:03 ASAHOSTNAME 172.16.2.229 %ASA-6-302010: 123 in use, 855 most used

This is my logging config:

logging enable
logging timestamp
logging buffer-size 100000
logging buffered informational
logging trap informational
logging history emergencies
logging device-id hostname
logging host inside 172.16.40.19
logging host inside 172.16.40.19
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 106017
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
logging message 622001 level emergencies

What was the solution to remove the "Year" from the syslog logging message generated by an ASA firewall? 

Is this possible?

If I understand correctly the syslog is based on the "Real-Time Log view which has the columns "Severtity", "Data" (Year to be remove), "Time", "Syslog ID", "Source IP", "Destination IP", "Destination Port" and " Description"

Steve

Hi All,

In our case it was a bug on version 9.10 , CSCvp72412

We upgraded to 9.12 to fix the issue.

HTH.

9.10 has bug CSCvp72412

Upgrade to fix version will resolve the issue. 

HTH