Velocity Reviews - Computer Hardware Reviews

logging level on asa

 
 
Sebas
      05-15-2006
Hi,

We've configured a syslog server where our ASA 5510 can log to.
A trap is configured like "logging trap errors".

However, our syslog server gets flooded with messages as shown below :

%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/3630 to
213.207.99.248/445 flags SYN on interface outside (Message repeated 2
times)
%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/2671 to
213.207.99.248/445 flags SYN on interface outside
%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/6822 to
213.207.99.248/445 flags SYN on interface outside

As we had a pix before, the logging level was configured at logging
trap notifications but it seems that the asa uses different levels for
some log entries ?

I just can't imagine the only reasonable logging level is "error".

Any comments on this ?

GR

Sebastian

 
 
Walter Roberson
      05-15-2006
Sebas wrote:
>We've configured a syslog server where our ASA 5510 can log to.
>A trap is configured like "logging trap errors".


>However, our syslog server gets flooded with messages as shown below :


>%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/3630 to
>213.207.99.248/445 flags SYN on interface outside (Message repeated 2
>times)


>I just can't imagine the only reasonable logging level is "error".


I haven't had a chance to work with ASA, so I don't know why
that is happening. Sounds like a bug to me.

The PIX and ASA command languages are the same, so I suggest
that you experiment with changing the logging level on individual
messages. In PIX 6.2/6.3, that would be via
"logging message 106001 level 4" (or something similar)

Is it possible that somehow all the messages got changed from
their default logging level to level 2?
 
 
Sebas
      05-29-2006
Hi Walter,

That command was just what I needed to know.
I see I made a mistake in my case description, the level configured was
warning and not error.

I've moved 2 entries :
logging message 106001 level 5
logging message 106023 level 5

Now we have what we want.

Many thanks !

Sebastian

 
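Added example, not part of the original thread: a Python sketch of the filtering discussed above. It parses the %ASA-<severity>-<id> prefix and models "logging trap" together with the per-message "logging message <id> level <n>" overrides from the last post. The sample lines, addresses, ACL name and function names are constructed for illustration, and the rule assumed is the usual syslog one (a message is sent when its severity number is less than or equal to the trap level).

```python
import re
from collections import Counter

# "logging trap" keywords and their standard syslog severity numbers.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Message prefix: %ASA-<severity>-<message id>:
PREFIX = re.compile(r"%(?:ASA|PIX)-([0-7])-(\d{6}):")

# Constructed sample lines (documentation addresses, hypothetical ACL and user names).
SAMPLE = [
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.10/3630 to 198.51.100.5/445 flags SYN on interface outside",
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.11/2671 to 198.51.100.5/445 flags SYN on interface outside",
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.12/6822 to 198.51.100.5/445 flags SYN on interface outside",
    '%ASA-4-106023: Deny tcp src outside:192.0.2.13/4711 dst inside:198.51.100.5/445 by access-group "outside_in"',
    '%ASA-4-106023: Deny tcp src outside:192.0.2.14/4712 dst inside:198.51.100.5/139 by access-group "outside_in"',
    "%ASA-3-106014: Deny inbound icmp src outside:192.0.2.15 dst inside:198.51.100.5 (type 8, code 0)",
    "%ASA-5-111008: User 'admin' executed the 'logging trap warnings' command.",
    "line without an ASA prefix",
]

def parse(line):
    """Return (severity, message_id) for an ASA/PIX syslog line, or None."""
    m = PREFIX.search(line)
    return (int(m.group(1)), m.group(2)) if m else None

def forwarded(lines, trap, overrides=None):
    """Count per message ID the lines a syslog destination would receive.

    trap      -- keyword or number given to "logging trap"
    overrides -- {message_id: level}, modelling "logging message <id> level <n>"
    """
    limit = LEVELS[trap] if isinstance(trap, str) else int(trap)
    overrides = overrides or {}
    sent = Counter()
    for line in lines:
        parsed = parse(line)
        if parsed is None:
            continue  # not an ASA message, ignore
        severity, msg_id = parsed
        # An override replaces the severity embedded in the message.
        if overrides.get(msg_id, severity) <= limit:
            sent[msg_id] += 1
    return dict(sent)

if __name__ == "__main__":
    print("trap warnings:       ", forwarded(SAMPLE, "warnings"))
    print("with both overrides: ", forwarded(SAMPLE, "warnings", {"106001": 5, "106023": 5}))
```

Running the same function over a day of real syslog output shows which message IDs dominate the volume before any per-message level is changed.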
 
NomadIndian
 
      02-14-2011
Hi Sebastian,

I have a problem regarding perhaps a similar setup as yours. Can you share any suggestions?

I need to set up a syslog server to capture log reports of users on a Cisco ASA 5510 firewall. The firewall protects an application server on which users log in over VPN.

However, the client does not have an AAA server or MS AD server.

Looking for solutions, can this be done using any freeware syslog software?

Many Thanks...
 