ASA Sylog quietly fails

Unanswered Question
Jun 4th, 2009
User Badges:

I have a network of ASA's set to send syslog to a syslog server. When you first set the ASA to log to syslog it all works, but after a while it stops sending. Then if you reset (turn off logging, turn it back on again) it will start logging until it quietly fails again.

Any ideas how to get it to stop failing?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
KennethCote Thu, 06/04/2009 - 07:57
User Badges:

I had this problem yesterday and figured it out. I had "logging console debugging" enabled which was killing the logging queue. Also, it may benefit you to look at the logging queue size or set the rate limit.

yatesag Thu, 06/04/2009 - 08:23
User Badges:

I don't have logging console debugging. I tried changes to the queue size and rate limit previously, but it does not look like a queue or limit problem. It seems that just resetting the logging settings gets it going again.

yatesag Thu, 06/04/2009 - 08:35
User Badges:

Just confirmed it again on another ASA. Uncheck "Enable Logging" and recheck it, and syslogs start flowing to the syslog server again instantly.

Kureli Sankar Thu, 06/04/2009 - 09:15
User Badges:
  • Cisco Employee,

BUG CSCsu03602 Resolved in 8.0.4(27).

You can read it here:

you can go to the above link login with your CCO ID and then key in the

defect ID above

Defect details does not show it as resolved but, will say so in the near future.

Also when it fails to send logs you can see

1. if console, buffer and monitor will logg

2. apply capture on the firewall interface facing the syslog server and see if it is sending upd 514 packets to the syslog server during this time.

yatesag Thu, 06/04/2009 - 09:27
User Badges:

OK, thanks, so it is just a bug. I will wait for the fix, thanks for letting me know

ssocsupport Wed, 07/27/2011 - 07:56
User Badges:

we noticed the similar problem in Ver 8.2(2)

is there any fix


This Discussion