ASA can not send all syslog messages by TCP

Nanbayas18 · ‎08-15-2013

Hi everyone.
I configured to ASA transfering syslog messages to syslog server by TCP.
I checked logged messages by "show logging " command, messages continiously occurerd.
But ASA didn't tfansfer all of messages to syslog server.

I can see ASA to work following:

1.ASA connected to syslog server every 1 minute.
2.TCP connection was disconnected in a few seconds after established TCP connection.
3.Transfered syslog messages during establishing TCP connection were not equal all of messages in ASA.
*.all of messages = maeeages I can see "by show logging" command

Please tell me

①TCP connection for transfering syslog message is established every 1 minutes.
- Is this correct ?
- Can I change TCP connection's cycle?.How can I change?.(Which paramater do I have to change.For ex. set to every 1 minute)

②Why are syslog messages by transfering by TCP not equal to messages in ASA(show logging)?
- Does ASA has limitter for transfering message ?

③Why is TCP connection disconnected in a few seconds before ASA doesn't send all of messages?

Marius Gunnerud · ‎08-19-2013

1.) The ASA sends syslog messages to the syslog server once the configured syslog queue is filled. The default queue size is 512 syslog messages. this can be edited by using the logging queue command and replace value with the number of messages that the queue should hold before sending to the syslog server.

2.) This could be that the logging level that is being sent to the syslog server is different than that which is being logged to the internal buffer.

configure logging level to the local buffer - logging buffered errors

configure logging level to syslog server - logging trap errors

3.) Not sure what you mean here? Do you mean you lose all TCP connections before the ASA sends syslog messages? please explain this a little more.

--
Please remember to select a correct answer and rate helpful posts