I have a new ASA 5510 running 8.3(1) and ASDM 6.4(5)
I am trying to use the real time log viewer to help troubleshoot some access issues, but I am getting delays of up to 30 seconds or more between my client connecting to the ASA and the corresponding events showing in the RT Log viewer. I am using a simple filter for source IP as it's quite a busy device.
I've seen an article that says to turn off certain logging IDs (such as 304001 from memory, but don't quote me!) which I have done, but it made no difference.
Thanks for coming back .... here's the two outputs you asked for.
I've previously tried disabling as much logging as possible (e.g. only to ASDM) but nothing seems to have any effect. You will see the two specific syslog IDs that I disabled after reading another post somewhere, but don't think this is relevant to our situation. (I think I saw another post suggesting a further four or five similar IDs to turn off as well, but not got round to that yet.)
Could really do with getting this sorted as it's causing me loads of stress from the site admins, who keep reminding me that their previous Linux-based firewall "never had all these problems" - I am fighting for credibility here.
byasa01# sh run logging
logging enable
logging console informational
logging buffered informational
logging trap informational
logging asdm informational
logging host inside 192.168.20.50
no logging message 304002
no logging message 304001

byasa01# show access-list | include cache
access-list cached ACL log flows: total 100, denied 0 (deny-flow-max 4096)
byasa01#
I can understand what you are fighting against, but the real time log viewer is a convenient tool but not the best method, I would say. The ASA also has to prioritize tasks to manage everything; the priority for it is inspecting traffic, and logging is not a priority task for it. If your firewall is generating a high amount of traffic then I would expect there might be some delay, although we can use bare minimum things to reduce this delay.
I would suggest you disable the following logging first:
logging console informational
logging buffered informational
logging asdm informational
and then reduce the time interval of the ACL log as well. For that, let's take an example in which you are logging the following ACL:
access-list outside_in deny ip any any log interval 1
Make the interval 1 sec, which means it would send the log after every 1 sec; the default is 300.
While your statement about a busy firewall and the number of discarded messages makes sense in some respects, I'd appreciate a bit of an insight as to "what" is so busy.
This is a relatively small site - maybe 100 users - but with a proportionately high throughput to be honest - but do these numbers suggest a lot of stuff hitting the firewall and being rejected, hence blocking / delaying real traffic?
Wouldn't mind a subjective opinion if you can spare some time.