ASA 5520 8.22 ASDM 6.34 ACE logging not working

Answered Question
Sep 23rd, 2010

When I right mouse click the ACE and sh log, I don't see informational ACE permits, denies in the real-time logger or anywhere else. The ACE has a log informational statement at the end and I do see hits on the ACE.

Is this a bug? Does anyone else have the same problem?

access-list DMZ2_access_in extended permit tcp host 172.19.111.114 any eq smtp log

The rule works but there is no permit log in the real-time viewer.

Correct Answer
mirober2 Thu, 09/23/2010 - 09:39

Hello,

Double check to see if you have 'logging asdm informational' configured. Also, do you see any hitcounts increasing on that ACE?

-Mike

rgarufi@globeop.com Thu, 09/23/2010 - 10:38

Yes, the logging is set properly. See below.

logging buffered informational
logging trap GoEvent
logging asdm informational
logging mail critical

I get lots of hits but no logging. I think this is a bug; I have 20 ASAs all on 8.04 and I don't have a problem. I have 2 ASAs on 8.22 and on both I have this problem.

Anyone else? I will probably downgrade to 8.04.

mirober2 Thu, 09/23/2010 - 12:16

Hello,


Do you see the messages in the output of 'show logg' on the ASA? How about in the main ASDM logging window on the Home tab?

Does the output of 'show logging queue' on the ASA indicate that any messages are being discarded?

-Mike

rgarufi@globeop.com Thu, 09/23/2010 - 12:30

Yes, I see messages in the buffer as well as ASDM. The queue has no drops. The problem is that when I look for a particular flow in the log corresponding to an ACE, it doesn't show up.

Example: I am logging an ACE informational. I right mouse click on that ACE and do a sh log, or go to the real-time log viewer and search for a certain flow for a deny or a permit, and it doesn't show up. The connection teardowns are being logged but not the ACL permit.

All my firewalls (20 ASA 8.04) are configured the same way for logging. I have two firewalls, one with 8.21 and one with 8.22, that have this problem.

Does anyone else see this problem?

mirober2 Thu, 09/23/2010 - 12:42

I tried this on my ASA running 8.2(2) and using ASDM 6.3(4) and it seems to work as expected. If you try to change the logging level on the ACE to something higher (say level 3 or 4), does it show up in the real-time viewer?

-Mike

mirober2 Thu, 09/23/2010 - 13:06

Mine is a 5505, but they both run the same 8.2(2) image. This sounds like an issue with ASDM if the logs are showing up fine in the ASA and ASDM buffers. There is a bug where logged ACEs at the debugging level don't show up in the real-time viewer, but it should work at the informational level. Did you get a chance to try at a level like 3 or 4 to see if they show up in the real-time viewer?

-Mike
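
The manual check described in this thread (searching the log for a flow that hits the logged ACE and finding connection events but no ACL permit) can be scripted against saved `show logging` output. This is an added example, not code from any poster; the syslog IDs 106100 and 302013 and their formats are assumed from Cisco's syslog reference rather than taken from the thread, the function name is hypothetical, and the sample log lines are constructed.

```python
import re

# Formats assumed from Cisco's syslog reference (they are not quoted in the thread):
# 106100 = hit on an ACE carrying "log"; 302013 = TCP connection built.
ACE_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?:permitted|denied) \S+ "
    r"\S+/(?P<src>[\d.]+)\(\d+\) -> \S+/(?P<dst>[\d.]+)\((?P<dport>\d+)\)")
BUILT_RE = re.compile(
    r"%ASA-\d-302013: Built (?P<dir>inbound|outbound) TCP connection \d+ for "
    r"\S+?:(?P<a>[\d.]+)/(?P<aport>\d+) \(\S+\) to \S+?:(?P<b>[\d.]+)/(?P<bport>\d+)")

def flows_missing_ace_log(lines, acl, src, dport):
    """Return (src, dst, dport) flows that built a connection but have no 106100 for acl."""
    logged, built = set(), set()
    for line in lines:
        m = ACE_RE.search(line)
        if m and m["acl"] == acl:
            # Source port is ignored so repeat connections between two hosts count as one flow.
            logged.add((m["src"], m["dst"], m["dport"]))
            continue
        m = BUILT_RE.search(line)
        if m:
            # Assumed: "for" is the lower-security side, so it is the server on
            # outbound connections and the client on inbound ones.
            if m["dir"] == "outbound":
                flow = (m["b"], m["a"], m["aport"])
            else:
                flow = (m["a"], m["b"], m["bport"])
            if flow[0] == src and flow[2] == str(dport):
                built.add(flow)
    return sorted(built - logged)

# Constructed sample in the shape of saved 'show logging' output (not from the thread).
SAMPLE = """\
%ASA-6-302013: Built outbound TCP connection 4101 for outside:203.0.113.25/25 (203.0.113.25/25) to DMZ2:172.19.111.114/40112 (172.19.111.114/40112)
%ASA-6-106100: access-list DMZ2_access_in permitted tcp DMZ2/172.19.111.114(40112) -> outside/203.0.113.25(25) hit-cnt 1 first hit [0x0, 0x0]
%ASA-6-302014: Teardown TCP connection 4101 for outside:203.0.113.25/25 to DMZ2:172.19.111.114/40112 duration 0:00:02 bytes 512 TCP FINs
%ASA-6-302013: Built outbound TCP connection 4102 for outside:198.51.100.7/25 (198.51.100.7/25) to DMZ2:172.19.111.114/40113 (172.19.111.114/40113)
%ASA-6-302014: Teardown TCP connection 4102 for outside:198.51.100.7/25 to DMZ2:172.19.111.114/40113 duration 0:00:01 bytes 256 TCP FINs
""".splitlines()

if __name__ == "__main__":
    for flow in flows_missing_ace_log(SAMPLE, "DMZ2_access_in", "172.19.111.114", 25):
        print("connection built but no ACE log:", flow)
```
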
