ASA Active/Standby to CS-MARS

Unanswered Question
Sep 16th, 2008

Hello everyone.

I know this topic has been discussed previously:

but, I have an additional question/concern regarding this setup. I also currently have the ASA pairs configured where only the active is configured with both IPS added. This is fine. The problem I have is a potential to miss syslog information regarding failover in the case of the standby ASA thinking it needs to become active and the Active not knowing about it. This has happened due to a topology problem and it would have been helpful to have logs from the Standby ASA archived. I know I can't add it through a discover because of the name discrepancy, but I can add it as a device so that it receives logs from the ASA. An additional problem with this is that, since I can't discover it, it can't recognize the names, etc... being sent through syslog (objects, etc). Has anyone successfully added an ASA in this situation? If not, I think this would be a helpful feature.

Thank you,

Jeff Groesbeck

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Farrukh Haroon Tue, 09/16/2008 - 10:57

AFAIR ASA 8.x introduced different hostname for both faiover units, did you try that?



jeff_groesbeck Tue, 09/16/2008 - 11:11


I wasn't aware of this. I tried searching for this and was unsuccessful. Do you have a link I could look at for this?

Thank you,


Farrukh Haroon Tue, 09/16/2008 - 11:44

I'm sorry, I think I did not remember this correctly. I just went through the 8.x release notes and 8.0 Cisco TAC CTU training slides and could not locate such a feature. Maybe I was dreaming :)



ben.gordon Tue, 09/23/2008 - 06:55

I would say that you can just have the failover asa send syslog to mars then sort through the "unknown reporting device" logs looking for the ip of that asa. Or you can setup a syslog daemon on another computer and have it record the syslogs there.


This Discussion