Syslog problem

wngwngwng · ‎09-27-2011

Hi all,

Syslog has been running fine for me. Just recently our syslog server isn't recieving logs from our ASAs. It started as sporadic and now I have not received any logs on syslog server since yesterday afternoon. The ASA is still logging fine, but it is not getting to the syslog server. Any ideas?

Thanks,

Bill

brendorfer · ‎09-27-2011

Hello, I had the same problem few weeks ago. I have reconfigured our dns server and changed the name of one router. From that day the syslog server did not get any logs from that router.

I have reconfigured the syslog with the new name and the problem was solved. Btw, syslog server was configured with ip address but for some reason the ip was resolved to name provided by dns and in logs I don't see the ip of the router, I see the name insted.

Maybe this is helpfull for someone.

Clayton Dukes · ‎09-30-2011

Hi Bill,

Which syslog daemon and/or server are you using?

If it is linux based, you can run a tcpdump on the command line to make sure you are receiving the packets:

tcpdump udp port 514

This assumes you are sending on the default syslog port 514 of course.

If you have a lot coming in, you can check the tcpdump command line options to narrow it down, but something like:

tcpdump source host x.x.x.x (where x.x.x.x is your ASA) should show only packets from that device.

One caveat to the above - make sure you have your logging source set on the ASA.