ASA, tracking, failover, *notification*

Unanswered Question
Jun 17th, 2010

This was my original thread which is now working great (thanks!):

I notice that when the main line goes down and the backup kicks in, it is transparent to the user, which is great.  But one drawback is that I would never know (or would be delayed in knowing) when the main line went down.

Is there a way to set up SMTP notifications for this?  I'm assuming some SMTP configuration and a syslog server (like Kiwi)?

Any tips appreciated.


Jennifer Halim Thu, 06/17/2010 - 09:13

You can set up syslog and also send email when that particular syslog message is triggered.

The syslog message ID for changes in the tracking is 622001:


logging list track-list message 622001

logging mail track-list

logging from-address

logging recipient-address


Or, alternatively, you can just send it to a syslog server (Kiwi):

logging list track-list message 622001

logging trap track-list

Hope that helps.
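
Added example, not part of the original thread: for the syslog-server option above, a small Python filter that picks message 622001 out of the received log and turns it into link up/down alerts. The 622001 text layout, the interface name "outside" and the sample lines are assumptions constructed for illustration; check them against what your own ASA actually sends.

```python
import re

# Assumed layout of ASA message 622001 (tracked route added/removed).
TRACK_RE = re.compile(
    r"%ASA-(?P<sev>\d)-622001: (?P<action>Adding|Removing) tracked route "
    r"(?P<network>[^\s,]+) (?P<mask>[^\s,]+) (?P<gateway>[^\s,]+), "
    r"distance (?P<distance>\d+), table (?P<table>[^\s,]+), "
    r"on interface (?P<interface>\S+)"
)

# Constructed sample lines (documentation addresses), not captured from a device.
SAMPLE_LOG = """\
Jun 17 2010 09:01:12 asa1 : %ASA-5-111001: Begin configuration: 192.0.2.10 writing to memory
Jun 17 2010 09:14:03 asa1 : %ASA-6-622001: Removing tracked route 0.0.0.0 0.0.0.0 198.51.100.1, distance 1, table Default-IP-Routing-Table, on interface outside
Jun 17 2010 09:20:00 asa1 : %ASA-6-622001: Removing tracked route 10.9.0.0 255.255.0.0 10.1.1.2, distance 1, table Default-IP-Routing-Table, on interface dmz
Jun 17 2010 09:40:47 asa1 : %ASA-6-622001: Adding tracked route 0.0.0.0 0.0.0.0 198.51.100.1, distance 1, table Default-IP-Routing-Table, on interface outside
"""


def track_events(lines):
    """Return one dict per 622001 line; every other syslog line is ignored."""
    events = []
    for line in lines:
        m = TRACK_RE.search(line)
        if m:
            event = m.groupdict()
            # Whatever the syslog server put before the message (time, host).
            event["prefix"] = line[:m.start()].rstrip(" :")
            events.append(event)
    return events


def failover_alerts(lines, primary_interface="outside"):
    """Map route changes on the primary interface to alert strings."""
    alerts = []
    for ev in track_events(lines):
        if ev["interface"] != primary_interface:
            continue  # a tracked route on some other interface
        state = "DOWN, backup in use" if ev["action"] == "Removing" else "UP, restored"
        alerts.append(f"{ev['prefix']}: primary link {state} "
                      f"(route {ev['network']} {ev['mask']} via {ev['gateway']})")
    return alerts


if __name__ == "__main__":
    for alert in failover_alerts(SAMPLE_LOG.splitlines()):
        print(alert)
```

The alert strings can be handed to whatever mailer or pager the syslog host already uses.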

scott.bridges Thu, 07/01/2010 - 12:21


Thank you for your help and sorry for the delay.

I'm going with the first suggestion.  Here is my config:

logging list track-list message 622001

logging list test message 111001

logging asdm informational

logging mail test

logging from-address [email protected]

logging recipient-address [email protected] level errors

I initially created the "track-list" config, but did not receive an email when I unplugged the T1 (activating the failover).  I then created the "test" list and assigned it to "111001".  From what I read, this should send off an email whenever anything does a "write" command (write mem).
I am still not getting an email.  Before I start troubleshooting with the SMTP server, is there any way I can make sure the ASA is generating the email?
Thank you!
Jennifer Halim Thu, 07/01/2010 - 16:23

As per this line of configuration:

logging recipient-address [email protected] level errors

--> you'll be sending syslog with errors level (level 3) only, while the test list that you have configured, i.e. syslog# 11101, falls under notification level (level 5).

Also, please double check if logging has been turned on (show log), otherwise, the command to turn logging on is "logging enable".

To test the syslog mail, I would suggest a few things:

1) Change "logging mail test" to "logging mail 5", and also remove the "level errors" from the logging recipient-address command.

This will prove if you are getting any mails at all from the ASA.

2) If the above still does not give you any mails, you might want to run a packet capture on the ASA interface to which the mail server is connected, to see if the ASA is even sending the email out. If it does, you might want to check your email server. If it doesn't, we might need to troubleshoot more on the syslog email portion.

3) If the above 1) works just fine, then you can tailor the syslog list accordingly.

