syslog messages not linking to ASA rule

Unanswered Question
Jul 3rd, 2009
User Badges:

When viewing the log messages on the ASA in the buffer or real time view you can right click and select Show rule. It should show you the rule that generated the syslog entry. On our ASA ver 8.0 we've benn making changes our Sec Admin asked for and now when I try that feature is replies only syslog servers with message Id 106023 and 106023 can display the rule. The last change we made was to change syslog messages to use Local4 facility code. did that mess us up?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pradeepde Thu, 07/09/2009 - 12:48
User Badges:
  • Bronze, 100 points or more

To view logs generated by the security appliance, you must specify a log output destination. If you enable logging without specifying a log output destination, the security appliance generates messages but does not save them to a location from which you can view them.


http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logconf.html#wp1090691

Actions

This Discussion