We have some ASA 5515-Xs running 8.6(1) code. We have syslogging setup (config below) and it's logging a slew of data just fine at a pace of 3-5 messages/sec, however there are some syslog IDs that never get sent. I have verified with tcpdump on the receiving syslog host that the specific messages we are looking for are never sent by the ASA. I'm interested in messages from the DAP and VPN classes (among others), which are 713xxx and 734xxx. In the ASDM console these messages show up just fine (sanitized):
5|Aug 09 2012|22:28:40|713130|||||Group = XXX, Username = YYY, IP = x.x.x.x, Received unsupported transaction mode attribute: 5
5|Aug 09 2012|22:28:40|713904|||||Group = XXX, Username = YYY, IP = x.x.x.x, IKE: Filter conflict: received filter-ID (filter name=no filter) along with an AV-PAIR dynamic ACL filter (filter name = DAP-ip-user-00CDA106).AV-PAIR dynamic filter will be applied.
6|Aug 09 2012|22:28:40|734001|||||DAP: User YYY, Addr x.x.x.x, Connection IPSec: The following DAP records were selected for this connection: UserFullAccess
However, these messages never show up in the syslog destination file (but a bunch of other expected stuff DOES).
This is the entirety of our logging config:
asa/act# show running-config | grep logg
logging buffer-size 16384
logging buffered critical
logging trap informational
logging asdm informational
logging facility 22
logging host inside 10.1.255.5
logging host inside 10.1.255.6
Are we up against a bug? Is there something we need to enable?
This ended up being due to having multiple routes to the syslog server, one over the management interface (directly connected) and one via a static route. Why different systems within the ASA would choose different routes is not clear, but removing the routing decision resolved the issue.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...