ASA logs are not reaching syslog server

Unanswered Question
Jul 13th, 2012
User Badges:

Recently we have been experiencing an issue with our ASA's syslog messages not reaching the syslog server. Periodically a message will get through but its fairly random. The ASA and the syslog server do reside on different subnets be it has always been this way and it has worked properly in the past. There have been a few code upgrades to the ASA and the syslog server resides in a VM environment but it recieves logs properly from all other devices. The patches to the ASA were to resolve some VPN bugs we were experiencing. Any ideas on what the issue could be?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Fri, 07/13/2012 - 09:44
User Badges:
  • Green, 3000 points or more

Hi,


Personally I have run into syslog messaging  issues in the past and have been related to bugs ,you may want to try looking at the code you have upgraded to and rule out bugs pertaining to syslog messaging . Look into your code opened Caveats  in the link bellow .  If you have  dounble check your firewall configuration after the upgrade for syslogs to be ok and have other firewalls sending logs ok to the server , it could very well be a bug related issue.


http://www.cisco.com/en/US/partner/products/ps6120/prod_release_notes_list.html


You can also check in bug data base for your code -


http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs





Regards

Luis Silva Benavides Fri, 07/13/2012 - 09:46
User Badges:
  • Cisco Employee,

Hi Dustin,


We will need to determine if the syslog messages are actually leaving the ASA interface, you can do this with a capture on the interface were the server is located. Also will be a good idea to test basic connectivity between the FW and the syslog server.


Luis

Actions

This Discussion

Related Content