We have some ASA 5515-Xs running 8.6(1) code. We have syslogging set up (config below) and it's logging a slew of data just fine at a pace of 3-5 messages/sec; however, there are some syslog IDs that never get sent. I have verified with tcpdump on the receiving syslog host that the specific messages we are looking for are never sent by the ASA. I'm interested in messages from the DAP and VPN classes (among others), which are 713xxx and 734xxx. In the ASDM console these messages show up just fine (sanitized):
5|Aug 09 2012|22:28:40|713130|||||Group = XXX, Username = YYY, IP = x.x.x.x, Received unsupported transaction mode attribute: 5
5|Aug 09 2012|22:28:40|713904|||||Group = XXX, Username = YYY, IP = x.x.x.x, IKE: Filter conflict: received filter-ID (filter name=no filter) along with an AV-PAIR dynamic ACL filter (filter name = DAP-ip-user-00CDA106).AV-PAIR dynamic filter will be applied.
6|Aug 09 2012|22:28:40|734001|||||DAP: User YYY, Addr x.x.x.x, Connection IPSec: The following DAP records were selected for this connection: UserFullAccess
However, these messages never show up in the syslog destination file (but a bunch of other expected stuff DOES).
This is the entirety of our logging config:
asa/act# show running-config | grep logg
logging buffer-size 16384
logging buffered critical
logging trap informational
logging asdm informational
logging facility 22
logging host inside 10.1.255.5
logging host inside 10.1.255.6
Are we up against a bug? Is there something we need to enable?
This ended up being due to having multiple routes to the syslog server, one over the management interface (directly connected) and one via a static route. Why different systems within the ASA would choose different routes is not clear, but removing the routing decision resolved the issue.
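To find which message IDs are affected by a gap like this one, the ASDM view can be diffed against what the collector actually received. The script below is an added example, not part of the original post: it assumes ASDM lines in the pipe-delimited form shown above and collector lines carrying the standard `%ASA-<severity>-<id>:` tag. The function name and all sample lines other than the three quoted in the post are constructed.

```python
import re

# ASDM log viewer line as shown on this page: severity|date|time|id|...|text
ASDM_RE = re.compile(r"^(\d)\|[^|]*\|[^|]*\|(\d{6})\|")
# Standard ASA tag in a syslog line on the wire: %ASA-<severity>-<message id>:
WIRE_RE = re.compile(r"%ASA-\d-(\d{6}):")

def missing_at_collector(asdm_lines, collector_lines, trap_level=6):
    """Return {message class: [ids]} for IDs ASDM shows but the collector never got.

    Only severities <= trap_level are expected on the wire
    ('logging trap informational' is level 6).
    """
    expected = set()
    for line in asdm_lines:
        m = ASDM_RE.match(line)
        if m and int(m.group(1)) <= trap_level:
            expected.add(m.group(2))
    received = {m.group(1) for line in collector_lines
                for m in [WIRE_RE.search(line)] if m}
    gaps = {}
    for msg_id in sorted(expected - received):
        gaps.setdefault(msg_id[:3], []).append(msg_id)  # class = first 3 digits
    return gaps

# First three lines mirror the post (message text shortened); the rest are constructed.
ASDM_SAMPLE = [
    "5|Aug 09 2012|22:28:40|713130|||||Group = XXX, Username = YYY, IP = x.x.x.x, Received unsupported transaction mode attribute: 5",
    "5|Aug 09 2012|22:28:40|713904|||||Group = XXX, Username = YYY, IP = x.x.x.x, IKE: Filter conflict",
    "6|Aug 09 2012|22:28:40|734001|||||DAP: User YYY, Addr x.x.x.x, Connection IPSec",
    "6|Aug 09 2012|22:28:41|302013|||||Built outbound TCP connection (constructed)",
    "7|Aug 09 2012|22:28:41|711001|||||debug-level line, above the trap level (constructed)",
]
COLLECTOR_SAMPLE = [  # constructed collector file contents
    "Aug  9 22:28:41 192.0.2.1 %ASA-6-302013: Built outbound TCP connection (constructed)",
    "Aug  9 22:28:42 192.0.2.1 %ASA-6-302014: Teardown TCP connection (constructed)",
]

if __name__ == "__main__":
    for cls, ids in missing_at_collector(ASDM_SAMPLE, COLLECTOR_SAMPLE).items():
        print(f"class {cls}xxx never received: {', '.join(ids)}")
```

When every missing ID falls into a few message classes while others arrive, as here, the logging levels are unlikely to be the cause and the path each message takes to the collector is worth checking.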