Can the ASA 'sla monitor' log state changes to the log buffer?!

Aug 29th, 2010
Questions: Does anyone know if "sla monitor" can log its state changes? If not now, is it planned in a future release?

Background: Since version 7.2(1), the ASA firewall has a "sla monitor" feature to monitor the availability of remote IP addresses, e.g.

  sla monitor 10
   type echo protocol ipIcmpEcho interface outside
   num-packets 3
   frequency 10
  sla monitor schedule 10 life forever start-time now

which can then be applied to make routing changes (using "track" to add/remove routes), e.g.:

  route outside 1 track 1
  route outsid2 250

The running state can be manually seen with:

  anyASAfirewall# show sla monitor operational-state
  Entry number: 10

  Latest operation return code: OK

Other than debug commands, the state changes are not logged, nor do there appear to be any respective logging commands.

The ability for sla monitor to log state changes would be a very useful feature, particularly in determining when *all* events occurred and action was taken.

Thanks in advance


praprama Sun, 08/29/2010 - 21:33
User Badges: Cisco Employee


I think the below is what you are looking for:

You can also look at the below link:

You can look at the below document for all the logs that are produced when tracking succeeds and when it fails:

Let me know if this helps. All the best!!



j.irwin Sun, 08/29/2010 - 22:50
Thanks Nagaraja and Prapanch,

I am already familiar with these links; to be clear, none make mention of non-debug logging, nor any specific sla log commands.

However, I can confirm (even on version 8.0) that Nagaraja's 622001 events do get logged *without debug enabled*.

Aug 30 2010 14:58:27: %ASA-6-622001: Removing tracked route, distance 1, table Default-IP-Routing-Table, on interface outside
Aug 30 2010 14:58:27: %ASA-6-622001: Adding tracked route, distance 1, table Default-IP-Routing-Table, on interface outside

Hence these logs are available without any extra commands (from the original post).

The catch is these log events are type 6, which requires the very verbose:

  logging buffered informational

So in most production environments these logs will quickly expire when the log wraps, even with a megabyte of local logs:

  logging buffer-size 1048576



praprama Sun, 08/29/2010 - 23:20
User Badges: Cisco Employee


Just to clarify a thing here. Any message starting with the format of %PIX/ASA-x-yyyyyy is a syslog message and will not require any debugs to be run on the device. The link with the configuration example for SLA monitoring shows all logs produced when the tracking succeeds and when the tracking fails.

Regarding the syslog like below:

%PIX-6-622001: Removing tracked route,  
               distance 1, table Default-IP-Routing-Table, on interface

If you do not want to enable buffered logging at level 6, you can change the default level of this message to something higher using the below command:

So for example, if you would like to enable logging at level 3 (errors) but still want the syslog id 622001 to be logged, you can change the level of this command to errors using:

logging message 622001 level 3

Once this is done, you should see this message being logged at level 3 in the buffer. Hope this helps:


Nagaraja Thanthry Sun, 08/29/2010 - 23:21
User Badges: Cisco Employee


If you do not want to log at level 6, you can change the message level.

logging message 622001 level 3

This command will force the ASA to log 622001 at level 3. You can also configure SNMP logging or mail logging for this specific event (although mail logging is not very efficient).

Hope this works for you.
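
Added example, not part of any post in this thread: a Python parser that pulls the 622001 tracked-route messages quoted above out of an exported log and pairs each removal with the next addition, so every outage has a start and end time. The sample lines are constructed, and the optional destination text between "tracked route" and ", distance" is an assumption about fuller forms of the message.

```python
import re
from datetime import datetime

# Constructed sample lines in the format quoted in the thread. The third line
# shows the same message after "logging message 622001 level 3".
SAMPLE = """\
Aug 30 2010 14:58:27: %ASA-6-622001: Removing tracked route, distance 1, table Default-IP-Routing-Table, on interface outside
Aug 30 2010 14:59:00: %ASA-6-000000: unrelated message (constructed)
Aug 30 2010 15:03:41: %ASA-3-622001: Adding tracked route, distance 1, table Default-IP-Routing-Table, on interface outside
Aug 30 2010 15:10:02: %ASA-6-622001: Removing tracked route, distance 1, table Default-IP-Routing-Table, on interface outside
"""

# The severity digit is matched loosely because the level can be reassigned.
# Any text between "tracked route" and ", distance" is kept as 'dest' (assumption).
PATTERN = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%(?:ASA|PIX)-(?P<sev>\d)-622001: (?P<action>Adding|Removing) tracked route"
    r"(?P<dest>[^,]*), distance (?P<dist>\d+), table (?P<table>[^,]+), "
    r"on interface (?P<ifc>\S+)"
)

def parse_events(text):
    """Return one dict per 622001 line; every other syslog ID is skipped."""
    events = []
    for line in text.splitlines():
        m = PATTERN.match(line.strip())
        if not m:
            continue
        events.append({
            "time": datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"),
            "severity": int(m["sev"]),
            "state": "up" if m["action"] == "Adding" else "down",
            "route": (m["dest"].strip(), m["ifc"], int(m["dist"])),
        })
    return events

def outages(events):
    """Pair each 'down' with the next 'up' per route; open outages end in None."""
    open_since, result = {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        key = ev["route"]
        if ev["state"] == "down":
            open_since.setdefault(key, ev["time"])
        elif key in open_since:
            result.append((key, open_since.pop(key), ev["time"]))
    result.extend((key, start, None) for key, start in open_since.items())
    return result
```

An outage whose end is `None` means the tracked route was still removed when the captured log ended, which is also what a wrapped buffer looks like if the "Adding" line has already aged out.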



