[c-nsp] ASA is not sending syslog

Farooq Razzaque farooq_mcp at hotmail.com
Wed Dec 26 04:45:00 EST 2012 


Dear Ryan
 
Thanks for the reply.
 
I have three syslog servers as mentioned below,  first two syslog servers which are in management segment are working regardless of the order in the config.
 
Only the syslog server 3 which is in inside segment is not working either at number 2 position or at number 3 position in the config. Previsouly it was working fine at number 2 position then we change the order of syslog server 3 at number 3 where it was not working then we change the order again at number 2 postition where is also not working..
 
logging host mgmt 1.x.x.1 ---> Syslog server 1
logging host mgmt 2.x.x.2  ---> Syslog server 2
logging host inside 3.x.x.3  ---> Syslog server 3

 

 


 




From: rwest at zyedge.com
To: farooq_mcp at hotmail.com; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] ASA is not sending syslog
Date: Tue, 25 Dec 2012 23:18:32 +0000





You can sniff to see if it’s sending syslog messages, but you’ll find that once it fails it will not recover on its own.  Rebooting the box has fixed the issue.  The issue we’ve faced is that the ASA will stop sending to a host and won’t recover, regardless of configuration changes.
 
Hope that helps.
 
-ryan
 


From: Farooq Razzaque [mailto:farooq_mcp at hotmail.com] 
Sent: Tuesday, December 25, 2012 3:55 PM
To: Ryan West; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] ASA is not sending syslog
 

Hi Ryan
 
Thanks for the reply. 
 
Have u faced the issue with ASA syslog ? If so, what issue you faced.  Did it fix by reboot

Can you elaborate the following
 
Sniff it and look for the counters to increment. 

 



  

> From: rwest at zyedge.com
> To: farooq_mcp at hotmail.com; cisco-nsp at puck.nether.net
> Subject: RE: [c-nsp] ASA is not sending syslog
> Date: Tue, 25 Dec 2012 19:35:39 +0000
> 
> On Tue, Dec 25, 2012 at 13:51:24, Farooq Razzaque wrote:
> > Subject: [c-nsp] ASA is not sending syslog
> > 
> > 
> > 
> > 
> > 
> > 
> > Hi All,
> > 
> > I have ASA 5510 running on version 8.0(5)27.
> > 
> > 
> > The ASA is not sending logs to syslog server 2. Previously it was 
> > sending logs to syslog server 2 (2.x.x.2). I changed the order in the 
> > config i.e i put the config of syslog server 3(3.x.x.3) at second 
> > number and then put the config of syslog server 2 (2.x.x.2) at third 
> > number after that ASA is not sending logs to syslog server 3 (3.x.x.3) 
> > which is at second number and syslog server 2 which is at third number
> > 
> > I also remove the config of syslog (logging host mgmt 2.x.x.2 ---> 
> > Syslog server 2) which was at third number. But still ASA is not 
> > seding logs to syslog at second number
> > 
> > How can we check that ASA is sending syslogs out .
> > 
> 
> Sniff it and look for the counters to increment. 
> 
> > 
> > logging enable
> > logging list VPN_Monitor level informational class abc logging list 
> > VPN_Monitor level informational class abcfo logging buffered 
> > informational logging trap informational logging asdm informational 
> > logging host mgmt
> > 1.x.x.1 ---> Syslog server 1 logging host mgmt 2.x.x.2 ---> Syslog 
> > server 2 logging host inside 3.x.x.3 ---> Syslog server 3 logging 
> > permit-hostdown logging class abc history informational logging class 
> > abcfo history informational #
> > 
> 
> Others may have different experiences, but I've found that a reboot is the only fix sometimes. Removing all logging and adding it will not fix it when a configuration change is made. The logging feature is a little flaky.
> 
> -ryan

More information about the cisco-nsp mailing list