Cisco Support Community
Community Member

ASA, tracking, failover, *notification*

This was my original thread which is now working great (thanks!):  https://supportforums.cisco.com/thread/2024835?tstart=0

I notice that when the main line goes down and the backup kicks in, it is transparent to the user, which is great.  But one drawback is that I would never know (or would be delayed in knowing) when the main line went down.

Is there a way to set up SMTP notifications for this?  I'm assuming some SMTP configuration and a syslog server (like Kiwi)?

Any tips appreciated.

Thanks

3 REPLIES
Cisco Employee

Re: ASA, tracking, failover, *notification*

You can set up syslog and also send an email when that particular syslog message is triggered.

The syslog message ID for changes in the tracking is 622001:
http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4774896

Example (the values in angle brackets are the ones you fill in):

logging list track-list message 622001
logging mail track-list
logging from-address <from-email>
logging recipient-address <to-email>
smtp-server <mail-server-ip>

Or, alternatively, you can just send it to a syslog server (Kiwi):

logging list track-list message 622001
logging trap track-list

Hope that helps.

Community Member

Re: ASA, tracking, failover, *notification*

Hello,

Thank you for your help and sorry for the delay.

I'm going with the first suggestion.  Here is my config:

logging list track-list message 622001
logging list test message 111001
logging asdm informational
logging mail test
logging from-address firewall@company.com
logging recipient-address scott@company.com level errors
smtp-server 192.168.1.10

I initially created the "track-list" config, but did not receive an email when I unplugged the T1 (activating the failover).  I then created the "test" list and assigned it to "111001".  From what I read, this should send off an email whenever anything does a "write" command (write mem).

I am still not getting an email.  Before I start troubleshooting with the SMTP server, is there any way I can make sure the ASA is generating the email?

Thank you!

Cisco Employee

Re: ASA, tracking, failover, *notification*

As per this line of configuration:

logging recipient-address scott@company.com level errors

--> you'll be sending syslogs at the errors level (level 3) only, while the test list you have configured, i.e. syslog 111001, falls under the notifications level (level 5).

Also, please double-check that logging has been turned on (show log); if it has not, the command to turn logging on is "logging enable".

To test the syslog mail, i would suggest a few things:

1) Change "logging mail test" to "logging mail 5", and also remove the "level errors" from the logging recipient-address command.

This will prove if you are getting any mails at all from the ASA.

2) If the above still does not give you any mails, you might want to run a packet capture on the ASA interface to which the mail server is connected, to see whether the ASA is even sending the email out. If it is, you might want to check your email server. If it isn't, we might need to troubleshoot the syslog email portion further.

3) If the above 1) works just fine, then you can tailor the syslog list accordingly.

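The selection rules the two replies describe (a "logging list" attached to "logging mail", or a severity threshold in its place, plus the separate "level" on "logging recipient-address", and nothing at all unless "logging enable" is set), as an added example that is not code from this thread or from Cisco. It is a small Python model of that decision, run over the config posted above and the two fixes suggested in the last reply, so you can see why a level-5 message such as 111001 never reaches a recipient limited to "level errors". Assumptions of the model, not statements from the thread: the sample syslog lines below are constructed, the message's own severity (the digit in %ASA-N-ID) is what both filters compare, and the two filters are independent and both must pass.

```python
"""Model of how an ASA decides whether to email a syslog message, following the
thread's description.  Assumption (not ASA code): "logging mail" selects by list
name or by severity, the optional "level" on "logging recipient-address" is a
second independent filter, and nothing is sent without "logging enable"."""
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Severity keywords as the ASA CLI accepts them; a lower number is more severe.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# "%ASA-5-111001: ..." -> severity 5, message ID 111001.  The severity travels
# with the message itself, which is what the level filters compare against.
SYSLOG_RE = re.compile(r"%ASA-(?P<sev>[0-7])-(?P<id>\d{6}):")


def level_number(token: str) -> int:
    """Accept a digit ("5") or a keyword ("errors") as a severity."""
    return int(token) if token.isdigit() else SEVERITY[token]


@dataclass
class MailConfig:
    enabled: bool = False                                      # "logging enable" seen
    lists: Dict[str, Set[str]] = field(default_factory=dict)   # list name -> message IDs
    mail_selector: Optional[str] = None                        # argument of "logging mail"
    recipient_level: Optional[int] = None                      # "level" on recipient-address


def parse_config(text: str) -> MailConfig:
    """Read only the logging commands that affect mail selection.  smtp-server,
    from-address and "logging asdm" are ignored; only "logging list NAME message ID"
    lists are modelled, the form used in the thread."""
    cfg = MailConfig()
    for raw in text.splitlines():
        p = raw.split()
        if len(p) < 2 or p[0] != "logging":
            continue
        if p[1] == "enable":
            cfg.enabled = True
        elif p[1] == "list" and len(p) >= 5 and p[3] == "message":
            cfg.lists.setdefault(p[2], set()).add(p[4])
        elif p[1] == "mail" and len(p) >= 3:
            cfg.mail_selector = p[2]
        elif p[1] == "recipient-address":
            cfg.recipient_level = level_number(p[p.index("level") + 1]) if "level" in p else None
    return cfg


def mail_sends(cfg: MailConfig, line: str) -> bool:
    """True if this syslog line would be handed to the SMTP destination."""
    m = SYSLOG_RE.search(line)
    if not cfg.enabled or m is None:
        return False
    sev, msg_id = int(m["sev"]), m["id"]
    # Stage 1: "logging mail X" selects by list membership or by severity threshold.
    if cfg.mail_selector in cfg.lists:
        selected = msg_id in cfg.lists[cfg.mail_selector]
    elif cfg.mail_selector is not None:
        selected = sev <= level_number(cfg.mail_selector)
    else:
        selected = False
    # Stage 2: a "level" on logging recipient-address drops anything less severe.
    if cfg.recipient_level is not None and sev > cfg.recipient_level:
        return False
    return selected


# Constructed sample messages (text is illustrative; only the %ASA-N-ID header matters).
SAMPLE_SYSLOGS = [
    "%ASA-5-111001: Begin configuration: 192.168.1.50 writing to memory",
    "%ASA-6-622001: Removing tracked route 0.0.0.0 0.0.0.0 203.0.113.1 on interface outside",
    "%ASA-3-201008: Disallowing new connections.",
]

# The config as posted in the thread (note: no "logging enable").
OP_CONFIG = """\
logging list track-list message 622001
logging list test message 111001
logging asdm informational
logging mail test
logging from-address firewall@company.com
logging recipient-address scott@company.com level errors
smtp-server 192.168.1.10
"""

# Step 1 of the last reply: "logging mail 5" and no "level errors" on the recipient.
FIXED_CONFIG = "logging enable\n" + OP_CONFIG.replace(
    "logging mail test", "logging mail 5").replace(" level errors", "")

# Step 3: tailor the list again, keeping the recipient unrestricted.
FINAL_CONFIG = FIXED_CONFIG.replace("logging mail 5", "logging mail track-list")


def mail_decisions(config_text: str, lines=SAMPLE_SYSLOGS) -> Dict[str, bool]:
    """Map each sample message ID to whether the config would email it."""
    cfg = parse_config(config_text)
    return {SYSLOG_RE.search(l)["id"]: mail_sends(cfg, l) for l in lines}


if __name__ == "__main__":
    for name, text in [("as posted", OP_CONFIG), ("posted + logging enable", "logging enable\n" + OP_CONFIG),
                       ("step 1 fix", FIXED_CONFIG), ("step 3 list", FINAL_CONFIG)]:
        print(name, mail_decisions(text))
```

With the posted config, nothing is emailed even after "logging enable" is added, because the one message the "test" list selects (111001, severity 5) is then dropped by "level errors" (severity 3) on the recipient; with "logging mail 5" and the recipient level removed, 111001 and the level-3 message pass while the informational 622001 does not, which is why the last reply suggests switching back to the list once mail is known to work.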