[c-nsp] ASA is not sending syslog

Ryan West rwest at zyedge.com
Tue Dec 25 18:18:32 EST 2012


You can sniff to see if it's sending syslog messages, but you'll find that once it fails it will not recover on its own.  Rebooting the box has fixed the issue.  The issue we've faced is that the ASA will stop sending to a host and won't recover, regardless of configuration changes.

Hope that helps.

-ryan

From: Farooq Razzaque [mailto:farooq_mcp at hotmail.com]
Sent: Tuesday, December 25, 2012 3:55 PM
To: Ryan West; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] ASA is not sending syslog

Hi Ryan

Thanks for the reply.

Have u faced the issue with ASA syslog ? If so, what issue you faced.  Did it fix by reboot

Can you elaborate the following

Sniff it and look for the counters to increment.




> From: rwest at zyedge.com<mailto:rwest at zyedge.com>
> To: farooq_mcp at hotmail.com<mailto:farooq_mcp at hotmail.com>; cisco-nsp at puck.nether.net<mailto:cisco-nsp at puck.nether.net>
> Subject: RE: [c-nsp] ASA is not sending syslog
> Date: Tue, 25 Dec 2012 19:35:39 +0000
>
> On Tue, Dec 25, 2012 at 13:51:24, Farooq Razzaque wrote:
> > Subject: [c-nsp] ASA is not sending syslog
> >
> >
> >
> >
> >
> >
> > Hi All,
> >
> > I have ASA 5510 running on version 8.0(5)27.
> >
> >
> > The ASA is not sending logs to syslog server 2. Previously it was
> > sending logs to syslog server 2 (2.x.x.2). I changed the order in the
> > config i.e i put the config of syslog server 3(3.x.x.3) at second
> > number and then put the config of syslog server 2 (2.x.x.2) at third
> > number after that ASA is not sending logs to syslog server 3 (3.x.x.3)
> > which is at second number and syslog server 2 which is at third number
> >
> > I also remove the config of syslog (logging host mgmt 2.x.x.2 --->
> > Syslog server 2) which was at third number. But still ASA is not
> > seding logs to syslog at second number
> >
> > How can we check that ASA is sending syslogs out .
> >
>
> Sniff it and look for the counters to increment.
>
> >
> > logging enable
> > logging list VPN_Monitor level informational class abc logging list
> > VPN_Monitor level informational class abcfo logging buffered
> > informational logging trap informational logging asdm informational
> > logging host mgmt
> > 1.x.x.1 ---> Syslog server 1 logging host mgmt 2.x.x.2 ---> Syslog
> > server 2 logging host inside 3.x.x.3 ---> Syslog server 3 logging
> > permit-hostdown logging class abc history informational logging class
> > abcfo history informational #
> >
>
> Others may have different experiences, but I've found that a reboot is the only fix sometimes. Removing all logging and adding it will not fix it when a configuration change is made. The logging feature is a little flaky.
>
> -ryan


More information about the cisco-nsp mailing list