ASA debug removed when closing session

Apr 12th, 2010

Hi Guys,

I am trying to enable some debug on an ASA5510 running 8.2(1) and want this debug sent to a syslog server in a test environment. My current config is below -

logging enable
logging list test-ssh message 711001
logging buffer-size 10000
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap test-ssh
logging asdm warnings
logging host inside X.X.X.X
logging debug-trace

At the moment I am just testing this by trapping message 711001 (debug). This all works when I enter the command 'debug ssh' and the messages get sent to my syslog server. If I do a 'show debug' it shows -

ciscoasa# sh deb
debug ssh  enabled at level 255

The problem I am having is that as soon as I close my SSH session the debug command is completely removed and hence I stop receiving syslog. If I connect to the ASA again and do a 'show debug' there is nothing enabled.

Is there a way to enable a debug command permanently so that I can continue to receive the syslog message once the SSH session has been closed?


Regards,

Paul.

Federico Coto F... Mon, 04/12/2010 - 08:14

Hi,

You're saying that you do the command:

sh debug

And you see this:

debug ssh  enabled at level 255

And when you close the SSH session it goes away?

Sh debug shows nothing?

Question:

When you close the SSH session, how do you log in to the ASA? Do you have another connection or do you connect back in?

Federico.

ggr.support Mon, 04/12/2010 - 08:18

Hi,

I am closing the SSH session, I have no other active open sessions and then I start a new SSH session to connect back in.

When I now do a sh debug it shows nothing -

ciscoasa# sh deb
ciscoasa#

Thanks,

Paul.

Federico Coto F... Mon, 04/12/2010 - 08:22

I just did it as a test and I got the same result!

Do you still get the debug log on the syslog server?

Federico.

ggr.support Mon, 04/12/2010 - 08:25

Hi,

No, the debug output on the syslog server stops as soon as I close my session.

Paul.

Federico Coto F... Mon, 04/12/2010 - 08:32

Are you getting this message on the ASA:

ASA(config)# debug ssh
INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session
debug ssh  enabled at level 1

Federico.

ggr.support Mon, 04/12/2010 - 08:38

Yes -

ciscoasa# deb ssh
INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session
debug ssh  enabled at level 1
ciscoasa#

Just to make sure I have also removed my message filter in case this was causing an issue. My config is now -

ciscoasa# sh run logging
logging enable
logging buffer-size 10000
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap debugging
logging asdm warnings
logging host inside X.X.X.X
logging debug-trace
logging permit-hostdown

Paul.

Federico Coto F... Mon, 04/12/2010 - 08:42

Actually if you remove all logging commands:

clear config log

You got the same results.

This does not only happen with debug ssh, correct?

For example, if you configure any other debug as well, the same thing happens, correct?

Federico.

ggr.support Mon, 04/12/2010 - 08:46

Correct, if I configure any type of debug and then close the session the debug is removed. I have not been able to find any information about this as to whether it is expected behaviour or if there is a way around it.

Paul.

Federico Coto F... Mon, 04/12/2010 - 08:59

It seems the debugs are session specific.

It means that it is expected behavior that after disconnecting from an SSH session you no longer see the debug enabled.

The thing is that the logging debug-trace should keep sending the debugs to the syslog server.

Can you confirm that those messages are logged to the syslog server, but they stop appearing on the syslog server after disconnecting the SSH session?

Federico.

ggr.support Tue, 04/13/2010 - 00:58

Yes the debug messages are logged to the syslog server but as soon as I disconnect my SSH session I stop receiving the debug.

Paul.

ggr.support Tue, 04/13/2010 - 07:19

I have just opened a case with Cisco TAC to enquire about this and they have confirmed it is currently expected behaviour that debug is session based. As soon as you close your session onto an ASA all debug from your session is removed.

In case it helps or anyone is interested, Cisco have a bug open to add this as a feature enhancement in future code - CSCse30168

Regards,

Paul.
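
Added example, not part of the thread and not Cisco code: a check run on the syslog server for the behaviour reported above, where 711001 debug-trace messages stop once the session that enabled the debug is closed. It assumes 'logging trap debugging' (as in the second config) so that other ASA messages keep arriving; the log line layout, the host name asa1 and the message texts are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of stored syslog (timestamps, host and message texts are made up).
SAMPLE = """\
2010-04-12T08:10:01 asa1 %ASA-7-711001: SSH0: receive SSH message: 83 (83)
2010-04-12T08:10:04 asa1 %ASA-6-302013: Built inbound TCP connection 101 for inside:192.0.2.10/51000
2010-04-12T08:10:09 asa1 %ASA-7-711001: SSH0: send SSH message: outdata is NULL
2010-04-12T08:12:30 asa1 %ASA-6-302014: Teardown TCP connection 101 for inside:192.0.2.10/51000
2010-04-12T08:25:00 asa1 %ASA-6-302013: Built inbound TCP connection 102 for inside:192.0.2.10/51001
"""

# Assumed layout: ISO timestamp, host, then the ASA tag %ASA-<severity>-<message id>:
LINE = re.compile(r"^(\S+)\s+(\S+)\s+%ASA-(\d)-(\d{6}):\s*(.*)$")
DEBUG_TRACE_ID = "711001"  # message id that 'logging debug-trace' redirects debugs to


def parse(text):
    """Yield (timestamp, host, message_id) for every ASA syslog line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(4)


def debug_feed_status(text, max_quiet=timedelta(minutes=5)):
    """Classify the 711001 feed per host: 'active', 'stopped' or 'never-seen'.

    'stopped' means other syslog from the host kept arriving for longer than
    max_quiet after the last 711001 message, so the syslog path is up and the
    debug itself is no longer enabled on the ASA."""
    last_any, last_debug = {}, {}
    for ts, host, msg_id in parse(text):
        last_any[host] = max(ts, last_any.get(host, ts))
        if msg_id == DEBUG_TRACE_ID:
            last_debug[host] = max(ts, last_debug.get(host, ts))
    status = {}
    for host, newest in last_any.items():
        if host not in last_debug:
            status[host] = "never-seen"
        elif newest - last_debug[host] > max_quiet:
            status[host] = "stopped"
        else:
            status[host] = "active"
    return status


if __name__ == "__main__":
    for host, state in debug_feed_status(SAMPLE).items():
        print(host, state)
```

With 'logging trap test-ssh' from the first config only 711001 reaches the server, so this check reports 'active' and cannot tell a removed debug from a dead syslog path.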
