Richard Burts Sat, 03/21/2009 - 08:31
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Jerry


I see that your ASA configures a DHCP pool beginning at 192.168.0.2. And your syslog server is at 192.168.0.3. Is it possible that the ASA has assigned 192.168.0.3 to some device not your syslog server? What happens if you change the configuration of the DHCP pool to begin on some higher address?


HTH


Rick

jojuarez Sun, 03/22/2009 - 10:16
User Badges:

Hi Jerry,


You're missing one command on the syslog configuration:


logging trap


The command above will specify what level of logs the ASA sends to the server. You can refer to the following link for more information:

http://www.cisco.com/en/US/docs/security/asa/asa80/command/reference/l2.html#wp1753594


Btw, I also noticed that you have the command:

logging buffered debugging


That's not really recommended 'cause you may run into high cpu issues. Debug level is only recommended when it is sent to a syslog server or just for troubleshooting purposes.


Anyway, if the issue continues, you can verify the IP address stuff that Rick just mentioned. And if everything is ok but the issue continues, you'd have to run traffic captures to verify if the ASA's sending the logs to the server in question. You can refer to the following link for more info on captures:

http://nortfm.com/?View=entry&EntryID=1


Hope that helps


- Jorge Luis Juárez

Actions

This Discussion