03-20-2009 05:32 PM
Can anyone see why syslog to a server on the inside is failing? See attached.
03-21-2009 08:31 AM
Jerry
I see that your ASA configures a DHCP pool beginning at 192.168.0.2. And your syslog server is at 192.168.0.3. Is it possible that the ASA has assigned 192.168.0.3 to some device not your syslog server? What happens if you change the configuration of the DHCP pool to begin on some higher address?
HTH
Rick
03-22-2009 10:16 AM
Hi Jerry,
You're missing one command on the syslog configuration:
logging trap
The command above will specify what level of logs the ASA sends to the server. You can refer to the following link for more information:
http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1753594
Btw, I also noticed that you have the command:
logging buffered debugging
That's not really recommended 'cause you may run into high CPU issues. Debug level is only recommended when it is sent to a syslog server or just for troubleshooting purposes.
Anyway, if the issue continues, you can verify the IP address stuff that Rick just mentioned. And if everything is ok but the issue continues, you'd have to run traffic captures to verify if the ASA's sending the logs to the server in question. You can refer to the following link for more info on captures:
http://nortfm.com/?View=entry&EntryID=1
Hope that helps
- Jorge Luis Juárez
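An added example, not part of the thread: a small Python receiver to run on the syslog server, to confirm whether the ASA's messages arrive and at which severity, alongside the capture suggested above. It assumes the ASA sends over UDP 514 in its usual `%ASA-level-id` format; the sample datagrams and all function names are constructed for illustration.

```python
import re
import socket
from collections import Counter

# ASA severity names; the list index is the numeric level (0 = most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

PRI_RE = re.compile(r"^<(\d{1,3})>")               # syslog <PRI> header
ASA_RE = re.compile(r"%ASA-([0-7])-(\d+): (.*)")   # %ASA-<level>-<id>: text

def parse_asa_syslog(datagram):
    """Decode one datagram; return a dict, or None if it is not ASA syslog."""
    text = datagram.decode("ascii", errors="replace").strip()
    pri, asa = PRI_RE.match(text), ASA_RE.search(text)
    if not pri or not asa or int(pri.group(1)) > 191:
        return None
    value = int(pri.group(1))                      # PRI = facility * 8 + severity
    return {"facility": value >> 3, "pri_severity": value & 7,
            "severity": int(asa.group(1)), "msg_id": asa.group(2),
            "text": asa.group(3)}

def summarize(datagrams):
    """Count datagrams per severity name; anything unparseable is 'unparsed'."""
    counts = Counter()
    for data in datagrams:
        msg = parse_asa_syslog(data)
        counts[LEVELS[msg["severity"]] if msg else "unparsed"] += 1
    return dict(counts)

def listen(bind_addr="0.0.0.0", port=514, limit=20):
    """Receive up to `limit` datagrams, print sender and content, summarize."""
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))               # ports below 1024 need privileges
        while len(received) < limit:
            data, (src, _) = sock.recvfrom(4096)
            print(src, parse_asa_syslog(data) or data)
            received.append(data)
    return summarize(received)

# Constructed sample datagrams (not taken from the thread).
SAMPLES = [
    b"<166>%ASA-6-302013: Built outbound TCP connection 1001 for outside:203.0.113.10/80",
    b"<164>Mar 22 2009 10:16:00: %ASA-4-106023: Deny tcp src outside:203.0.113.10/4444",
    b"not a syslog line",
]

if __name__ == "__main__":
    print(summarize(SAMPLES))                      # swap in listen() on the server
```

If `listen()` prints nothing while the ASA is generating events, the datagrams are not reaching the host, which points back at the trap level, the address question Rick raised, or the path in between.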