Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1120
Views
0
Helpful
9
Replies

FWSM and failover syslog messages.

Go to solution
andrea.meconi
Level 2
Level 2

‎12-19-2011 08:59 AM - edited ‎03-11-2019 03:03 PM

Hello.

I need to add a new syslog server on my FWSM to send it only failover related messages.

Any ideas?

Thanks.

Regards.

Andrea

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to andrea.meconi

‎12-19-2011 03:51 PM

Hello Andrea,

The think with this kind of setups is that the ASA will send all the messages belonging to that class to all of the syslog servers or will not send them at all.

So at this point its not supported.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎12-19-2011 09:37 AM

Hello Andrea,

-Lets start saying that the failover event messages belong to level 1 (alert).

-If you want to enable logging for the stand by unit please enter the command: Logging standby

Now if you want just to get the failover messages you could create a logging list for the messages you want to monitor.

Here are the syslog messages available, you will need to decide witch ones are you going to monitor and create the syslog lis:.

http://tools.cisco.com/squish/cb7Dc

Logging list test xxxx message #

Logging list test xxxx message #

Logging list test xxxx message #

Hope this helps, any other question just let me know.

Please rate helpful posts,

Kind regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
andrea.meconi
Level 2
Level 2
In response to Julio Carvajal

‎12-19-2011 03:34 PM

Hello Julio and many thanks for your help.

We are using more than one syslog servers. Now we need to add a new syslog server and send to it only the ha related messages.

I prefered to use class filtering like this

logging class ha mail alerts

but I do not understand how I can send these messages to only one server and not to all.

Now we are using mail with

logging mail alerts

logging from-address blade@test.com

logging recipient-address andrea@test.com level alerts

snmtp-server 1.1.1.1

Regards.

Andrea

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to andrea.meconi

‎12-19-2011 03:51 PM

Hello Andrea,

The think with this kind of setups is that the ASA will send all the messages belonging to that class to all of the syslog servers or will not send them at all.

So at this point its not supported.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
andrea.meconi
Level 2
Level 2
In response to Julio Carvajal

‎12-19-2011 11:29 PM

Many thanks Julio.

Regards.

Andrea

0 Helpful

Go to solution
andrea.meconi
Level 2
Level 2
In response to Julio Carvajal

‎12-20-2011 03:04 AM

Hello.

Sorry, but with this config

logging enable

logging standby

logging mail alerts

logging from-address fwsm@test.it

logging recipient-address fm.net@test.it level alerts

logging class ha mail alerts

smtp-server 10.0.0.1

I'm not able to receive any ha syslog related messages.

Any ideas?

Thanks.

Regards.

Andrea

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to andrea.meconi

‎12-20-2011 10:29 AM

Hello Andrea,

But you are still getting other messages right?

You are just not getting the HA messages?

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
andrea.meconi
Level 2
Level 2
In response to Julio Carvajal

‎12-20-2011 02:34 PM

Hello Julio.

Yes, my syslog servers are receiving all messages, ha related also.

I'm not receiving mail notification about ha.

Show logging command reports that messages are logged by mail.

FWSMs are running application image version 4.1(7).

Regards,

Andrea

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to andrea.meconi

‎12-20-2011 07:03 PM

Hello Andrea,

Some times the Syslog daemon used by the ASA migth get stuck, so lets take out the email configuration and do it one more time but this time using a higher level of trap.

no logging enable

no logging standby

no logging mail alerts

no logging from-address fwsm@test.it

no logging recipient-address fm.net@test.it level alerts

no logging class ha mail alerts

Logging enable

logging standby

logging mail list example

logging from-addresfwsm@test.it

logging recipient-addresfm.net@test.i

logging list example level notifications class ha

Please give it a try and let me know.

Regards,

Julio


Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
andrea.meconi
Level 2
Level 2
In response to Julio Carvajal

‎02-16-2012 02:28 AM

Hello Julio.

Sorry for my later reply.

Now, we are using application software version 4.1(6) with multiple contexts.

Using the admin context I configure the logging facility with

logging enable

logging asdm informational

logging mail alerts

logging from-address fw-csc1@dominio.it

logging recipient-address andrea@dominio.it level alerts

logging class ha mail alerts

but I'm receiving only the monitoring interface messages

<161>%FWSM-1-105003: (Secondary_group_1) Monitoring on interface P2P-FW-CSC1 waiting

How can I receive message like "Switching to...".

Thanks.

Regards.

Andrea

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card