Is the log buffer good for anything?

Feb 24th, 2010

To all:

As a person just starting to use the Cisco ASA5505, I am trying to make sense of all the level 2 (critical) and level 3 (error) messages that are showing up in the log buffer. However, when I posted asking about the seriousness of these messages, or to ignore them or not, there was no reply.

So I am forced to ask again, do we need to pay attention to the log buffer messages, or are they just for show? (sarcasm)

I see these messages whenever someone on the local inside interface is surfing the web and is at a web site.  It almost appears like the web site itself is infected and other IPs are probing whenever a client lands on the web site, but I am not sure of this interpretation.

Do I need to stick in a packet analyzer between the static IP gateway and the ASA 5505 and trap every packet and take a careful look?

I would like to use the Cisco ASA5505 to its fullest advantage, but not spin my wheels fruitlessly either.

How much credibility should we place in these log messages?

Panos Kampanakis Wed, 02/24/2010 - 11:04

The question is if you need to pay attention to the log messages. The answer is yes. The buffer is just one place you can store your messages to look at them live on the box and not on a syslog server.

I am not sure what messages are the ones you are referring to because I haven't seen them.

The firewall itself can capture packets, so you can also do that to analyze: http://supportforums.cisco.com/docs/DOC-1222

I hope it helps.

PK

Kureli Sankar Wed, 02/24/2010 - 13:54

Syslog messages help greatly when you are troubleshooting a problem. Especially the buffer log. It wraps very quickly and overwrites the default 512K buffer.

Some companies collect these using a syslog server and archive them for statistical purposes.

TAC relies very heavily on logs when troubleshooting any and all problems. So, these are certainly not for show and are very valuable for troubleshooting.

You can read more about various logging in this link:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html

-KS
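
Added example, not part of the thread and not Cisco's code: one way to triage the level 2 and level 3 messages the question describes is to group buffered lines by severity and message ID, so each ID can be looked up in the syslog guide linked above. The sample lines are constructed with documentation addresses, and the function names `summarize` and `report` are hypothetical.

```python
import re
from collections import Counter

# Severity names for ASA syslog levels 0-7 (lower number = more severe).
SEVERITY = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
            4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}

# Matches the "%ASA-<level>-<message id>: <text>" tag in each buffered line.
ASA_TAG = re.compile(r"%ASA-(?P<level>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = """\
Feb 24 2010 10:01:12: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.7/80 to 198.51.100.2/51514 flags RST on interface outside
Feb 24 2010 10:01:12: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.7/80 to 198.51.100.2/51515 flags FIN ACK on interface outside
Feb 24 2010 10:01:15: %ASA-3-106014: Deny inbound icmp src outside:203.0.113.9 dst inside:192.168.1.10 (type 8, code 0)
Feb 24 2010 10:01:20: %ASA-6-302013: Built outbound TCP connection 4101 for outside:203.0.113.7/80 (203.0.113.7/80) to inside:192.168.1.10/51520 (198.51.100.2/51520)
Feb 24 2010 10:01:21: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.50/80 to 198.51.100.2/51601 flags RST on interface outside
"""

def summarize(log_text, max_level=3):
    """Count messages at severity <= max_level, grouped by (level, message id),
    keeping the first message text seen for each group as a sample."""
    counts, samples = Counter(), {}
    for line in log_text.splitlines():
        m = ASA_TAG.search(line)
        if not m or int(m["level"]) > max_level:
            continue  # not an ASA message, or less severe than requested
        key = (int(m["level"]), m["msgid"])
        counts[key] += 1
        samples.setdefault(key, m["text"])
    return counts, samples

def report(log_text, max_level=3):
    """Return one row per message ID, most severe first, then by volume."""
    counts, samples = summarize(log_text, max_level)
    ordered = sorted(counts.items(), key=lambda kv: (kv[0][0], -kv[1]))
    return [f"{n:4d}  level {lvl} ({SEVERITY[lvl]})  {msgid}  e.g. {samples[(lvl, msgid)]}"
            for (lvl, msgid), n in ordered]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Because the buffer wraps, a summary like this only covers the window still held in memory; the same parsing works on lines archived by a syslog server.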
