Solved: Re: Re:SLA Monitor Syslog

Tormod Macleod · ‎02-19-2013

Hello,

We are using an SLA monitor to failover to a backup route should our route to our Primary ISP go down. We had a recent failure but there was no syslog indicating that the route failed over. We would ideally like syslog (or maybe snmp) to record that the SLA monitor has failed and that we have changed to the backup route but I can't see any way to do this. We are using a Cisco ASA 5510 (wasn't sure whether this was the right forum but I thought it was more a routing problem than a firewall problem)

Any help/advice greatly appreciated

Here's some config below....

route 0.0.0.0 0.0.0.0 [ROUTER1] 1 track 4

route 0.0.0.0 0.0.0.0 [ROUTER2] 105

sla monitor 104

type echo protocol ipIcmpEcho 4.2.2.2 interface EXTERNAL

sla monitor schedule 104 life forever start-time now

Abzal · ‎02-19-2013

Hi,

Check out this link
https://supportforums.cisco.com/thread/2039293

Sent from Cisco Technical Support Android App

Best regards,
Abzal

View solution in original post

Abzal · ‎02-19-2013

Hi,

Check out this link
https://supportforums.cisco.com/thread/2039293

Sent from Cisco Technical Support Android App

Best regards,
Abzal

jawad-mukhtar · ‎02-19-2013

Hi enable Logging Buffered Logs will be generated.

logging buffered informational

logging buffer-size (value)

Jawad

Tormod Macleod · ‎02-20-2013

Thanks very much for this. I used the below command from the link you sent. We are logging warnings so this command changed the severity of the tracked route messages to level 3 and as such they appeared on our logging.

logging message 622001 level 3

perkin · ‎09-17-2019

Hello from 2019!
just come across this issue and google a bit and found this thread,

I tried the 622001 a bit and found that is not 100% fit for my case since I just want IP SLA to monitor some of the IPs (no action other than Syslog) so I create IP SLA object and tracking object too.

I even turn Syslog to caught debug but still not able to found 622001.

End up I read the ASA doc and found that actually this is not triggered by the change of IP SLA state nor change of Tracking state

*this is the syslog to a ROUTE*
A tracked route has been added to or removed from a routing table, which means that the state of the tracked object has changed from up or down.*

https://www.cisco.com/c/en/us/td/docs/security/asa/syslog/b_syslog/syslogs6.html#con_4774896

that looks slightly different than on ISR or Catalyst, so for my case I need to add a default route with AD 255 to force it to trigger a syslog.

Georg Pauwen · ‎09-17-2019

Hello,

this thread is very old. In order to get a quick answer, can you briefly summarize what you are trying to accomplish, on what device ?

perkin · ‎09-17-2019

That is great! a response from a very old thread

Original problem - I want to monitor a destination IP - with no action, just want to be a simple poller to a destination and log an even in syslog.

That is possible on IOS devices

But it seems it is NOT possible on ASA

Like I said, ASA will save the event in syslog for *Track route* change

But not able save the event only *Track* change

So in order "see something" in syslog, I need to put the track associate with a dummy route, which route which never use (no matter what is the status of the Track) - it still served my purpose, but the code is not cool and tidy :)

ASA(config)# route outside 0.0.0.0 0.0.0.0 194.126.209.14 255 track 100

...

ASA# sh log | i 622

Sep 17 2019 08:57:24: %ASA-3-622001: Removing tracked route 0.0.0.0 0.0.0.0 x.x.x.x, distance 255, table default, on interface outside

Sep 17 2019 09:03:59: %ASA-3-622001: Adding tracked route 0.0.0.0 0.0.0.0 x.x.x.x, distance 255, table default, on interface outside