Solved: Slow Logging on ASA5505

remitprosupport · ‎03-18-2011

Hello all!

I've got an ASA 5505 (ASA 8.2(3), ASDM 6.3(4)53 for which logging seems very slow.

In the ASDM real-time log viewer, log entries come in spurts of 20, pause for a few seconds, then I get 20 more. The net result is that entries don't show until almost a minute after they happen.

The same behavior is affecting syslogging to a linux server. I've tried adjusting the syslog message queue size and the real-time logger buffer limit and neither had any effect.

CPU and memory usage on the firewall are at 15 and 50% respectively.

If anyone can suggest what I might try next, I'd greatly appreciate it.

Dan

padatta · ‎03-21-2011

The interfaces look clean. To narrow down, can we remove all logging, except that to syslog and also reduce the logging level?

e.g.

no logging console informational
no logging monitor informational
no logging trap informational
no logging asdm informational

logging trap warning

------> Now check if problem persists with logs on syslog server. If not, raise the logging level and check again.

logging trap informational

------> If thing still look good, follow the same steps for logging to ASDM.

This will help us narrow down (or not) issue with too many logs being generated. Is there any packet/traffic shaping device between ASA and syslogs server, host with ASDM running?

Paps

View solution in original post

padatta · ‎03-19-2011

Hi,

I'd like to take a look at 'show run logging' and 'show interface' outputs.

Can you please paste or upload it here?

Paps

remitprosupport · ‎03-21-2011

Thanks for the reply. Here's the output you requested...

Result of the command: "show run logging"

logging enable
logging timestamp
logging asdm-buffer-size 200
logging console informational
logging monitor informational
logging trap informational
logging asdm informational
logging host systems format emblem
logging permit-hostdown

Result of the command: "show interface"

Interface Ethernet0/0 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
    Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
    Input flow control is unsupported, output flow control is unsupported
    Available but not configured via nameif
    MAC address d0d0.fd45.64f2, MTU not set
    IP address unassigned
    134609383 packets input, 76157146531 bytes, 0 no buffer
    Received 33461523 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    1326406 switch ingress policy drops
    74996278 packets output, 15771212040 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 rate limit drops
    0 switch egress policy drops
    0 input reset drops, 0 output reset drops
Interface Ethernet0/1 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
    Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
    Input flow control is unsupported, output flow control is unsupported
    Available but not configured via nameif
    MAC address d0d0.fd45.64f3, MTU not set
    IP address unassigned
    1554342 packets input, 129315454 bytes, 0 no buffer
    Received 24075 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    0 switch ingress policy drops
    845021 packets output, 65917041 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 rate limit drops
    0 switch egress policy drops
    0 input reset drops, 0 output reset drops
Interface Ethernet0/2 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
    Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
    Input flow control is unsupported, output flow control is unsupported
    Available but not configured via nameif
    MAC address d0d0.fd45.64f4, MTU not set
    IP address unassigned
    526319392 packets input, 79936001432 bytes, 0 no buffer
    Received 1224438 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    6572424 switch ingress policy drops
    782106673 packets output, 850912431771 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 rate limit drops
    0 switch egress policy drops
    0 input reset drops, 0 output reset drops
Interface Ethernet0/3 "", is up, line protocol is up
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
    Auto-Duplex(Full-duplex), Auto-Speed(100 Mbps)
    Input flow control is unsupported, output flow control is unsupported
    Available but not configured via nameif
    MAC address d0d0.fd45.64f5, MTU not set
    IP address unassigned
    707055847 packets input, 782578002496 bytes, 0 no buffer
    Received 51723 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    115114 switch ingress policy drops
    489986193 packets output, 76514598231 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 rate limit drops
    0 switch egress policy drops
    0 input reset drops, 0 output reset drops
Interface Ethernet0/4 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
    Auto-Duplex, Auto-Speed
    Input flow control is unsupported, output flow control is unsupported
    Available but not configured via nameif
    MAC address d0d0.fd45.64f6, MTU not set
    IP address unassigned
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    0 switch ingress policy drops
    0 packets output, 0 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 rate limit drops
    0 switch egress policy drops
    0 input reset drops, 0 output reset drops
Interface Ethernet0/5 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
    Auto-Duplex, Auto-Speed
    Input flow control is unsupported, output flow control is unsupported
    Available but not configured via nameif
    MAC address d0d0.fd45.64f7, MTU not set
    IP address unassigned
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    0 switch ingress policy drops
    0 packets output, 0 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 rate limit drops
    0 switch egress policy drops
    0 input reset drops, 0 output reset drops
Interface Ethernet0/6 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
    Auto-Duplex, Auto-Speed
    Input flow control is unsupported, output flow control is unsupported
    Available but not configured via nameif
    MAC address d0d0.fd45.64f8, MTU not set
    IP address unassigned
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    0 switch ingress policy drops
    0 packets output, 0 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 rate limit drops
    0 switch egress policy drops
    0 input reset drops, 0 output reset drops
Interface Ethernet0/7 "", is down, line protocol is down
Hardware is 88E6095, BW 100 Mbps, DLY 100 usec
    Auto-Duplex, Auto-Speed
    Input flow control is unsupported, output flow control is unsupported
    Available but not configured via nameif
    MAC address d0d0.fd45.64f9, MTU not set
    IP address unassigned
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 pause input, 0 resume input
    0 L2 decode drops
    0 switch ingress policy drops
    0 packets output, 0 bytes, 0 underruns
    0 pause output, 0 resume output
    0 output errors, 0 collisions, 0 interface resets
    0 late collisions, 0 deferred
    0 rate limit drops
    0 switch egress policy drops
    0 input reset drops, 0 output reset drops
Interface Vlan1 "inside", is administratively down, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address unassigned
Traffic Statistics for "inside":
    0 packets input, 0 bytes
    0 packets output, 0 bytes
    0 packets dropped
      1 minute input rate 0 pkts/sec, 0 bytes/sec
      1 minute output rate 0 pkts/sec, 0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 0 bytes/sec
      5 minute output rate 0 pkts/sec, 0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan2 "outside", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address X.X.X.X, subnet mask 255.255.255.224
Traffic Statistics for "outside":
    133283492 packets input, 73621805228 bytes
    74996489 packets output, 14304939749 bytes
    350735 packets dropped
      1 minute input rate 106 pkts/sec, 73710 bytes/sec
      1 minute output rate 71 pkts/sec, 15287 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 119 pkts/sec, 97516 bytes/sec
      5 minute output rate 75 pkts/sec, 12559 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan50 "dmz", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address 192.168.50.1, subnet mask 255.255.255.0
Traffic Statistics for "dmz":
    1554342 packets input, 101306490 bytes
    845021 packets output, 46576247 bytes
    19010 packets dropped
      1 minute input rate 0 pkts/sec, 26 bytes/sec
      1 minute output rate 0 pkts/sec, 10 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 4 bytes/sec
      5 minute output rate 0 pkts/sec, 2 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan100 "infrastructure", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address 192.168.100.1, subnet mask 255.255.255.0
Traffic Statistics for "infrastructure":
    417994008 packets input, 44999246402 bytes
    667202390 packets output, 766346208381 bytes
    325902 packets dropped
      1 minute input rate 66 pkts/sec, 20482 bytes/sec
      1 minute output rate 57 pkts/sec, 8187 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 99 pkts/sec, 61064 bytes/sec
      5 minute output rate 75 pkts/sec, 11099 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan125 "voip", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address 192.168.125.1, subnet mask 255.255.255.0
Traffic Statistics for "voip":
    9529796 packets input, 1103191061 bytes
    10947606 packets output, 752338967 bytes
    355511 packets dropped
      1 minute input rate 3 pkts/sec, 228 bytes/sec
      1 minute output rate 4 pkts/sec, 259 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 12 pkts/sec, 11523 bytes/sec
      5 minute output rate 7 pkts/sec, 680 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan150 "soa", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address 192.168.150.1, subnet mask 255.255.255.0
Traffic Statistics for "soa":
    51388228 packets input, 8520138053 bytes
    61133016 packets output, 41742638897 bytes
    749414 packets dropped
      1 minute input rate 82 pkts/sec, 14634 bytes/sec
      1 minute output rate 100 pkts/sec, 70292 bytes/sec
      1 minute drop rate, 1 pkts/sec
      5 minute input rate 72 pkts/sec, 9189 bytes/sec
      5 minute output rate 106 pkts/sec, 106599 bytes/sec
      5 minute drop rate, 1 pkts/sec
Interface Vlan200 "itdev", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address 192.168.200.1, subnet mask 255.255.255.0
Traffic Statistics for "itdev":
    40684850 packets input, 11141849665 bytes
    42824134 packets output, 24786146709 bytes
    72469 packets dropped
      1 minute input rate 34 pkts/sec, 6286 bytes/sec
      1 minute output rate 33 pkts/sec, 9973 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 64 pkts/sec, 11814 bytes/sec
      5 minute output rate 77 pkts/sec, 43644 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan250 "systems", is up, line protocol is up
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address 192.168.250.1, subnet mask 255.255.255.0
Traffic Statistics for "systems":
    706938065 packets input, 769502086613 bytes
    489986363 packets output, 65780695230 bytes
    703972 packets dropped
      1 minute input rate 41 pkts/sec, 5923 bytes/sec
      1 minute output rate 64 pkts/sec, 20565 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 36 pkts/sec, 4325 bytes/sec
      5 minute output rate 60 pkts/sec, 23952 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan251 "management", is down, line protocol is down
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    MAC address d0d0.fd45.64fa, MTU 1500
    IP address 192.168.251.1, subnet mask 255.255.255.0
Traffic Statistics for "management":
    0 packets input, 0 bytes
    0 packets output, 0 bytes
    0 packets dropped
      1 minute input rate 0 pkts/sec, 0 bytes/sec
      1 minute output rate 0 pkts/sec, 0 bytes/sec
      1 minute drop rate, 0 pkts/sec
      5 minute input rate 0 pkts/sec, 0 bytes/sec
      5 minute output rate 0 pkts/sec, 0 bytes/sec
      5 minute drop rate, 0 pkts/sec
Interface Vlan999 "", is down, line protocol is down
Hardware is EtherSVI, BW 100 Mbps, DLY 100 usec
    Available but not configured via nameif
    MAC address d0d0.fd45.64fa, MTU not set
    IP address unassigned

padatta · ‎03-21-2011

The interfaces look clean. To narrow down, can we remove all logging, except that to syslog and also reduce the logging level?

e.g.

no logging console informational
no logging monitor informational
no logging trap informational
no logging asdm informational

logging trap warning

------> Now check if problem persists with logs on syslog server. If not, raise the logging level and check again.

logging trap informational

------> If thing still look good, follow the same steps for logging to ASDM.

This will help us narrow down (or not) issue with too many logs being generated. Is there any packet/traffic shaping device between ASA and syslogs server, host with ASDM running?

Paps

remitprosupport · ‎03-21-2011

Paps,

I followed your instructions, and with everything disabled except warning level alerts to syslog everything seemed snappy. I turned it up to warning and it still seemed to be moving along well.

I then enabled informational to ASDM and that seems to be working well too. It's a little chunky but much faster than it was before. For now I'll keep everything else disabled and see if performance degrades from here.

Thanks for your help!