03-19-2010 02:28 AM - edited 03-11-2019 10:23 AM
I use a Cisco ASA 5520 with version 8.2(2)
What I want to do is to log some of the ACEs configured.
How it works:
# logging enable
# logging trap informational
# logging host inside x.x.x.x
# access-list inside_access_in extended permit ip any any log
# logging trap errors
# access-list inside_access_in extended permit ip any any log errors
In this case my syslog server does not get these 6-106100 messages. But why?
Changing the severity of this message does not work either:
# logging message 106100 level errors
INFO: Please use the access-list command to change the severity level of this syslog
03-19-2010 02:51 AM
Maybe you want to try to change the default interval to 1 second on the access-list.
access-list inside_access_in extended permit ip any any log errors interval 1
Probably just test logging to buffer and see if you are seeing those messages:
logging buffered errors
logging buffer-size 10000
03-19-2010 03:01 AM
No, still the same
If I use
#access-list inside-clients_access_in extended permit ip any any log interval 1
(which defaults to informational) then I can see the 106100 messages
If I use
#access-list inside-clients_access_in extended permit ip any any log errors interval 1
I cannot see the 106100 messages (neither with 'logging buffered informational' nor with 'logging buffered errors')
03-19-2010 05:53 AM
Sounds like a bug to me.
03-19-2010 03:42 PM
Please remove that ACL line and then put it back again with the changed logging level.
It will work and show you 106100 in error level.
The reason is that when the log is hit for that traffic and you change the level, it doesn't take the newly changed level until traffic matching the ACL stops flowing.
-KS
03-22-2010 12:51 AM
Thanks to kusankar
Now I'm able to log these 106100 messages even if trap severity is set to error.
It's just a little bit annoying to first have to remove an ACL line and then put it back again. During this time I may lose some connections because of the missing ACL line (even if it's just a few seconds).
Thanks
Patrik
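The severity relationship this thread turns on, as an added example that is not part of any post above: a 106100 message is emitted at the level set on the ACE (informational when `log` has no level) and reaches a destination only if that level is at or above the destination's filter in severity. The function name `audit` and the sample configuration are constructed for illustration; the check covers configured levels only and cannot see the stale per-flow level described in the accepted answer.

```python
# ASA syslog severity names; list index = numeric level (0 is most severe).
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]

def is_level(tok):
    return tok.isdigit() or tok in LEVELS

def level_num(tok):
    return int(tok) if tok.isdigit() else LEVELS.index(tok)

def audit(config_text):
    """Return (dest_levels, findings). Each finding is
    (ace_line, ace_level_name, destinations_that_drop_its_106100)."""
    dests, aces = {}, []
    for raw in config_text.splitlines():
        tok = raw.lstrip("# ").split()   # tolerate a pasted '#' prompt
        if (len(tok) >= 3 and tok[0] == "logging"
                and tok[1] in ("trap", "buffered") and is_level(tok[2])):
            dests[tok[1]] = level_num(tok[2])   # last setting wins
        elif tok[:1] == ["access-list"] and "log" in tok:
            rest = tok[tok.index("log") + 1:]
            if rest[:1] == ["disable"]:
                continue                         # ACE logging turned off
            lvl = 6                              # default: informational
            if rest and is_level(rest[0]):
                lvl = level_num(rest[0])
            aces.append((" ".join(tok), lvl))
    findings = []
    for line, lvl in aces:
        # A destination drops the message when the ACE level is numerically
        # higher (less severe) than the destination's configured level.
        dropped = sorted(d for d, limit in dests.items() if lvl > limit)
        findings.append((line, LEVELS[lvl], dropped))
    return dests, findings

# Constructed sample, modelled on the commands quoted in the thread.
SAMPLE = """\
logging enable
logging trap errors
logging buffered informational
access-list inside_access_in extended permit ip any any log
access-list inside-clients_access_in extended permit ip any any log errors interval 1
"""

if __name__ == "__main__":
    dests, findings = audit(SAMPLE)
    for line, name, dropped in findings:
        status = "filtered at: " + ", ".join(dropped) if dropped else "delivered"
        print(f"{name:13} {status:20} {line}")
```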