ASA debug removed when closing session

Unanswered Question
Apr 12th, 2010

Hi Guys,


I am trying to enable some debug on an ASA5510 running 8.2(1) and want this debug sent to a syslog server in a test environment. My current config is below -


logging enable
logging list test-ssh message 711001
logging buffer-size 10000
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap test-ssh
logging asdm warnings
logging host inside X.X.X.X
logging debug-trace


At the moment I am just testing this by trapping message 711001 (debug). This all works when I enter the command 'debug ssh' and the messages get sent to my syslog server. If I do a 'show debug'  it shows -


ciscoasa# sh deb
debug ssh  enabled at level 255


The problem I am having is that as soon as I close my SSH session the debug command is completely removed and hence I stop receiving syslog. If I connect to the ASA again and do a 'show debug' there is nothing enabled.


Is there a way to enable a debug command permanently so that I can continue to receive the syslog messages once the SSH session has been closed?


Regards,

Paul.

Federico Coto F... Mon, 04/12/2010 - 08:14

Hi,


You're saying that you do the command:


sh debug


And you see this:


debug ssh  enabled at level 255


And when you close the SSH session it goes away?

Sh debug shows nothing?


Question:

When you close the SSH session, how do you log in to the ASA? Do you have another connection, or do you connect back in?


Federico.

ggr.support Mon, 04/12/2010 - 08:18

Hi,


I am closing the SSH session, I have no other active open sessions and then I start a new SSH session to connect back in.


When I now do a sh debug it shows nothing  -


ciscoasa# sh deb
ciscoasa#


Thanks,

Paul.

Federico Coto F... Mon, 04/12/2010 - 08:22

I just did it as a test and I got the same result!


Do you still get the debug log on the syslog server?


Federico.

ggr.support Mon, 04/12/2010 - 08:25

Hi,


No, the debug output on the syslog server stops as soon as I close my session.


Paul.

Federico Coto F... Mon, 04/12/2010 - 08:32

Are you getting this message on the ASA:


ASA(config)# debug ssh
INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session
debug ssh  enabled at level 1

Federico.

ggr.support Mon, 04/12/2010 - 08:38

Yes -


ciscoasa# deb ssh
INFO: 'logging debug-trace' is enabled. All debug messages are currently being redirected to syslog:711001 and will not appear in any monitor session
debug ssh  enabled at level 1
ciscoasa#


Just to make sure I have also removed my message filter in case this was causing an issue. My config is now -


ciscoasa# sh run logging
logging enable
logging buffer-size 10000
logging console warnings
logging monitor warnings
logging buffered debugging
logging trap debugging
logging asdm warnings
logging host inside X.X.X.X
logging debug-trace
logging permit-hostdown


Paul.

Federico Coto F... Mon, 04/12/2010 - 08:42

Actually if you remove all logging commands:


clear config log


You get the same results.


This does not only happen with debug ssh, correct?

For example, if you configure any other debug as well, the same thing happens, correct?


Federico.

ggr.support Mon, 04/12/2010 - 08:46

Correct, if I configure any type of debug and then close the session the debug is removed. I have not been able to find any information about this as to whether it is expected behaviour or if there is a way around it.


Paul.

Federico Coto F... Mon, 04/12/2010 - 08:59

It seems the debugs are session specific.

It means that it is expected behavior that after disconnecting from an SSH session you no longer see the debug enabled.


The thing is that the logging debug-trace should keep sending the debugs to the syslog server.


Can you confirm that those messages are logged to the syslog server, but they stop appearing on the syslog server after disconnecting the SSH session?


Federico.

ggr.support Tue, 04/13/2010 - 00:58

Yes the debug messages are logged to the syslog server but as soon as I disconnect my SSH session I stop receiving the debug.


Paul.

ggr.support Tue, 04/13/2010 - 07:19

I have just opened a case with Cisco TAC to enquire about this and they have confirmed it is currently expected behaviour that debug is session based. As soon as you close your session onto an ASA all debug from your session is removed.


In case it helps or anyone is interested, Cisco have a bug open to add this as a feature enhancement in future code - CSCse30168


Regards,

Paul.
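
Added example, not part of the thread and not Cisco code: because debug is session based, the 711001 stream on the syslog server stops silently while other ASA messages keep arriving, so a collector-side check can tell "debug was dropped" apart from "the syslog path is down". The log lines, the BSD-style timestamp prefix, the year and the 120-second gap threshold are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

DEBUG_ID = "711001"  # ID that 'logging debug-trace' output arrives under (from the thread)
# Assumed collector format: "Mon DD HH:MM:SS host %ASA-<sev>-<id>: text"
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ %ASA-\d-(\d{6}): ")
MAX_GAP = timedelta(seconds=120)  # assumed threshold for "the debug stream has stopped"

# Constructed sample: two debug sessions, with ordinary traffic logs continuing after each.
SAMPLE = """\
Apr 12 08:14:01 ciscoasa %ASA-7-711001: constructed debug text
Apr 12 08:14:03 ciscoasa %ASA-7-711001: constructed debug text
Apr 12 08:14:20 ciscoasa %ASA-7-711001: constructed debug text
Apr 12 08:15:10 ciscoasa %ASA-6-302013: constructed connection text
Apr 12 08:18:45 ciscoasa %ASA-6-302013: constructed connection text
Apr 12 08:25:00 ciscoasa %ASA-7-711001: constructed debug text
Apr 12 08:25:02 ciscoasa %ASA-7-711001: constructed debug text
Apr 12 08:30:00 ciscoasa %ASA-6-302013: constructed connection text
"""

def parse(text, year=2010):
    """Yield (timestamp, message_id) per ASA syslog line; non-matching lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{m.group(1)} {year}", "%b %d %H:%M:%S %Y")
            yield ts, m.group(2)

def debug_windows(text, max_gap=MAX_GAP):
    """Group 711001 messages into (first, last) windows separated by more than max_gap."""
    windows = []
    for ts, msg_id in parse(text):
        if msg_id != DEBUG_ID:
            continue
        if windows and ts - windows[-1][1] <= max_gap:
            windows[-1] = (windows[-1][0], ts)   # extend the current window
        else:
            windows.append((ts, ts))             # debug stream (re)started
    return windows

def debug_went_silent(text, max_gap=MAX_GAP):
    """Return the last 711001 timestamp if the ASA kept logging for more than
    max_gap afterwards (debug gone, syslog path alive); otherwise None."""
    events = list(parse(text))
    debug = [ts for ts, msg_id in events if msg_id == DEBUG_ID]
    if not debug:
        return None
    last_any = max(ts for ts, _ in events)
    return debug[-1] if last_any - debug[-1] > max_gap else None

if __name__ == "__main__":
    print(debug_windows(SAMPLE), debug_went_silent(SAMPLE))
```
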
