about ASA55xx syslog

hsasaki_cert
Level 1

Dear Sirs,

First, I'm not bilingual, so excuse my English.

Sending System Log Messages to a Syslog Server

If you specify TCP, the security appliance discovers when the syslog server fails and discontinues sending logs.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_7_2/conf_gd/sysadmin/monitor.htm#wp1064726

Is a function for sending syslog again provided?

Best regards,

3 Replies

anandramapathy
Level 3

You will have to rekey the command.

(See the URL below.)

After the Syslog service is restored, you have to reconfigure the TCP Syslog connection manually by entering the logging host if_name ip_address tcp/port configuration command.

I guess the best option is to configure 2 syslog servers.

##################

http://www.ciscopress.com/articles/article.asp?p=424447&seqNum=2&rl=1

##################

In fact, the TCP Syslog method is designed to be so reliable that the connection closes if the Syslog server becomes unavailable or if its logging storage becomes full. At this point, the firewall immediately stops forwarding traffic and generates a "201008: The PIX is disallowing new connections" message. You can also see this with the show logging command, as in the following example. Notice that TCP Syslog is still configured to use the Syslog server but is shown as disabled:

Firewall# show logging

Syslog logging: enabled

Facility: 20

Timestamp logging: enabled

Standby logging: disabled

Console logging: disabled

Monitor logging: disabled

Buffer logging: level informational, 716 messages logged

Trap logging: level informational, 162 messages logged

Logging to inside 172.21.4.1 tcp/1470 disabled

History logging: disabled

Device ID: hostname "Firewall"

If this condition occurs, check the Syslog server and determine the source of the problem. After the Syslog service is restored, you have to reconfigure the TCP Syslog connection manually by entering the logging host if_name ip_address tcp/port configuration command.
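A check for the condition shown in the show logging output above, as an added example that is not part of the original thread or of any Cisco tool: it flags TCP syslog hosts that are configured but disabled and builds the logging host if_name ip_address tcp/port command the reply says must be re-entered. The second host line (172.21.4.2) is constructed, and treating a host shown without a protocol as UDP is an assumption.

```python
import re

# Constructed input: lines from the `show logging` output quoted in the reply,
# plus one made-up second host line (172.21.4.2) to show the healthy case.
SHOW_LOGGING = """\
Syslog logging: enabled
Trap logging: level informational, 162 messages logged
Logging to inside 172.21.4.1 tcp/1470 disabled
Logging to inside 172.21.4.2
History logging: disabled
"""

# Assumed line shape: "Logging to <if_name> <ip> [tcp|udp/<port>] [disabled]".
HOST_LINE = re.compile(
    r"^\s*Logging to (?P<if_name>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
    r"(?: (?P<proto>tcp|udp)/(?P<port>\d+))?(?P<rest>.*)$"
)

def parse_hosts(show_logging):
    """Return one dict per configured syslog host found in the output."""
    hosts = []
    for line in show_logging.splitlines():
        m = HOST_LINE.match(line)
        if m:
            hosts.append({
                "if_name": m["if_name"],
                "ip": m["ip"],
                "proto": m["proto"] or "udp",  # no protocol shown: assume UDP
                "port": m["port"],
                "disabled": "disabled" in m["rest"].split(),
            })
    return hosts

def audit(show_logging):
    """Return (findings, commands to re-enter) for disabled TCP hosts."""
    hosts = parse_hosts(show_logging)
    findings, commands = [], []
    for h in hosts:
        if h["proto"] == "tcp" and h["disabled"]:
            target = f'{h["if_name"]} {h["ip"]} tcp/{h["port"]}'
            findings.append(f"TCP syslog to {target} is configured but disabled")
            commands.append(f"logging host {target}")
    if len(hosts) < 2:
        findings.append("only one syslog host configured; no fallback server")
    return findings, commands

if __name__ == "__main__":
    print(audit(SHOW_LOGGING))
```

Run against saved show logging output collected from the firewall, this gives a monitoring job something to alert on while the TCP host stays in the disabled state.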

Thank you very much for your help.

At the trouble, is the switch smoothly divided the loss of the packet?

Sincerely,

If the ASA is not able to log to the primary & you are using TCP for syslog, then the ASA will automatically try to log to the 2nd syslog server. There will not be packet loss since we are using TCP.

In the case of UDP, the logging will continue to happen despite the syslog server going down (it will be sending messages, but to no use since the syslog is down).
