Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Inconsitencies with FWSM context buffer logs and Syslog Server.

Having a problem determining why certain log messages are not being received and/or appear different by the syslog server. On my FWSM context 3.2(4) logging is established with INFO for the trap setting on Facility 19. Noticed the following inconsistency with the messages.

FIREWALL: (real-time buffer)

Nov 20 2008 14:41:14 Firewall : %FWSM-6-302013: Built outbound TCP connection 146704929020420948 for ACL_INSIDE_IN:10.103.56.115/53049 (10.103.56.115/53049) to OUTSIDE:10.145.64.186/5989 (10.145.64.186/5989)

Nov 20 2008 14:41:21 Firewall : %FWSM-6-302013: Built inbound TCP connection 146054653791834182 for ACL_DMZ_IN:10.103.48.91/2073 (10.103.48.91/2073) to In-02-Win-2000:10.103.48.107/1433 (10.103.48.107/1433)

SYSLOG Server: (Setup as local3.*)

Nov 20 14:41:22 10.103.8.34 Nov 20 2008 14:41:21 Firewall : %FWSM-6-302013: Built inbound TCP connection 145918838336000046 for ACL_DMZ_IN:10.103.48.91/2073 (10.103.48.91/2073) to In-02-Win-2000:10.103.48.107/1433 (10.103.48.107/1433)

Nov 20 14:41:36 10.103.8.34 Nov 20 2008 14:41:35 Firewall : %FWSM-6-302013: Built outbound TCP connection 145816313171725930 for ACL_INSIDE_IN 10.103.56.115/53049 (10.103.56.115/53049) to OUTSIDE:10.145.64.186/5989 (10.145.64.186/5989

The connection values are different from Firewall real-time to Syslog server. I have disabled allot of messages thinking I have a bandwidth problem but in doing that nothing changed. I have also noticed that I never receive a Severity 4 (Deny/denied message) in the syslog.

And its only on this context as there are 6 Firewall contexts configured on this 6509. Any help greatly appreciated.

Thanks.

151
Views
0
Helpful
0
Replies
CreatePlease to create content