logging level on asa

Discussion in 'Cisco' started by Sebas, May 15, 2006.

  1. Sebas

    Sebas Guest

    Hi,

    We've configured a syslog server where our ASA 5510 can log to.
    A trap is configured like "logging trap errors".

    However, our syslog server gets flooded with messages as shown below :

    %ASA-2-106001: Inbound TCP connection denied from x.x.x.x/3630 to
    213.207.99.248/445 flags SYN on interface outside (Message repeated 2
    times)
    %ASA-2-106001: Inbound TCP connection denied from x.x.x.x/2671 to
    213.207.99.248/445 flags SYN on interface outside
    %ASA-2-106001: Inbound TCP connection denied from x.x.x.x/6822 to
    213.207.99.248/445 flags SYN on interface outside

    As we had a pix before, the logging level was configured at logging
    trap notifications but it seems that the asa uses different levels for
    some log entries ?

    I just can't imagine the only reasonable logging level is "error".

    Any comments on this ?

    GR

    Sebastian
    Sebas, May 15, 2006
    #1

  2. In article <>,
    Sebas <> wrote:
    >We've configured a syslog server where our ASA 5510 can log to.
    >A trap is configured like "logging trap errors".


    >However, our syslog server gets flooded with messages as shown below :


    >%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/3630 to
    >213.207.99.248/445 flags SYN on interface outside (Message repeated 2
    >times)


    >I just can't imagine the only reasonable logging level is "error".


    I haven't had a chance to work with ASA, so I don't know why
    that is happening. Sounds like a bug to me.

    The PIX and ASA command languages are the same, so I suggest
    that you experiment with changing the logging level on individual
    messages. In PIX 6.2/6.3, that would be via
    "logging message 106001 level 4" (or something similar)

    Is it possible that somehow all the messages got changed from
    their default logging level to level 2?
    Walter Roberson, May 15, 2006
    #2

  3. Sebas

    Sebas Guest

    Hi Walter,

    That command was just what I needed to know.
    I see I made a mistake in my case description, the level configured was
    warning and not error.

    I've moved 2 entries :
    logging message 106001 level 5
    logging message 106023 level 5

    Now we have what we want.

    Many thanks !

    Sebastian
    Sebas, May 29, 2006
    #3
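
The effect of the two `logging message` overrides from this thread, as an added example that is not part of any poster's message or of Cisco's tooling: it counts `%ASA-<severity>-<id>` entries in a capture and shows which message IDs still reach the syslog server at a given trap level. The sample lines, the addresses, the 710003 entry and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Severity names accepted by "logging trap <level>", index = numeric level.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
TAG = re.compile(r"%ASA-(\d)-(\d{6}):")
REPEAT = re.compile(r"\(Message\s+repeated\s+(\d+)\s+times?\)")

# Constructed sample capture (documentation addresses, wrapped like the post).
SAMPLE = """\
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.7/3630 to
198.51.100.10/445 flags SYN on interface outside (Message repeated 2
times)
%ASA-2-106001: Inbound TCP connection denied from 192.0.2.8/2671 to
198.51.100.10/445 flags SYN on interface outside
%ASA-4-106023: Deny tcp src outside:192.0.2.9/4411 dst inside:198.51.100.10/445
%ASA-3-710003: TCP access denied by ACL from 192.0.2.9/4412 to outside:198.51.100.10/22
"""

def count_messages(text):
    """Return Counter {(msg_id, severity): occurrences} for a capture."""
    counts = Counter()
    # Splitting on the tag keeps entries wrapped over several lines together.
    parts = TAG.split(text)
    for sev, msg_id, body in zip(parts[1::3], parts[2::3], parts[3::3]):
        rep = REPEAT.search(body)
        # Assumption: "repeated N times" means N extra copies of the entry.
        counts[(msg_id, int(sev))] += 1 + (int(rep.group(1)) if rep else 0)
    return counts

def forwarded(counts, trap, overrides=None):
    """Per-ID counts still sent at `trap`, given {msg_id: level} overrides
    that model 'logging message <id> level <n>'."""
    limit, overrides = LEVELS.index(trap), overrides or {}
    out = Counter()
    for (msg_id, sev), n in counts.items():
        if overrides.get(msg_id, sev) <= limit:  # lower number = more severe
            out[msg_id] += n
    return out

if __name__ == "__main__":
    counts = count_messages(SAMPLE)
    print("trap warnings, defaults:", dict(forwarded(counts, "warnings")))
    moved = {"106001": 5, "106023": 5}  # the two overrides from the thread
    print("trap warnings, moved:   ", dict(forwarded(counts, "warnings", moved)))
```

With the trap at warnings, messages moved to level 5 stop reaching the syslog server, so the denied-connection records they carried are no longer available there.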
  4. Sebas

    NomadIndian

    Hi Sebastian,

    I have a problem regarding perhaps a similar setup to yours. Can you share any suggestions?

    I need to set up a syslog server to capture log reports of users on a Cisco ASA 5510 firewall. The firewall protects an application server on which users log in over VPN.

    However, the client does not have an AAA server or MS AD server.

    Looking for solutions, can this be done using any freeware syslog software?

    Many Thanks...
    NomadIndian, Feb 14, 2011
    #4