Re: [OSL | CCIE_Security] ASA with two Syslog Server

[Piotr Matusiak]

Seems like a routing issue or filtering somewhere in the middle. Anyway, you 
can capture that traffic on ASA.

Try this (change your interfecae depending on where yout SYSLOG is):

ciscoasa(config)# access-li SYSLOG per udp any eq 514 any eq 514
ciscoasa(config)# capture TEST type raw-data interface inside access-list SYSLOG

ciscoasa(config)# sh cap TEST
2 packets captured
   1: 00:04:11.419060 10.1.1.10.514 > 10.1.1.1.514:  udp 69
   2: 00:04:11.456580 10.1.1.10.514 > 10.1.1.1.514:  udp 107
2 packets shown

Regards,
Piotr


From: parvez ahmad 
Sent: Tuesday, June 26, 2012 8:35 PM
To: Eugene Pefti 
Cc: ccie_security@onlinestudylist.com 
Subject: Re: [OSL | CCIE_Security] ASA with two Syslog Server

Hello,

The number of messages increasing -- by checking sh logging commands  

But one of the syslog server is not getting logs.

How we can ensure that ASA is sending the syslogs to the both syslogs serves.

Regards
Parvez

On Tue, Jun 26, 2012 at 1:46 PM, Eugene Pefti <eug...@koiossystems.com> wrote:

  See below number of messages in red
  If your ASA is configured correctly then they should increment

  5510-ASA# sh logging
  Syslog logging: enabled
      Facility: 20
      Timestamp logging: enabled
      Standby logging: disabled
      Debug-trace logging: disabled
      Console logging: level errors, 5312 messages logged
      Monitor logging: disabled
      Buffer logging: level informational, 135581860 messages logged
      Trap logging: level warnings, facility 20, 69388 messages logged
          Logging to inside 192.168.14.4 errors: 1  dropped: 1
          Logging to inside 192.168.14.5 errors: 2535  dropped: 9164

  From: parvez ahmad <parvez.ahma...@gmail.com>
  Date: Monday, June 25, 2012 11:19 PM
  To: "ccie_security@onlinestudylist.com" <ccie_security@onlinestudylist.com>
  Subject: [OSL | CCIE_Security] ASA with two Syslog Server


  Hello, 

  We have configure ASA as per the below.

  Outside------ASA----Inside 

  We have one more interface DMZ with Security 50 and have two syslog servers, 
one is inside and another  in DMZ.

  I have configured ASA to send the syslog to these server.

  How i can check that ASA is sending syslog to these server at the UDP Port 
514.

  Show snmp-server statistics is not that much helpful, I just wanted to know 
the other way to check it.


  Regards,
  Parvez 





--------------------------------------------------------------------------------
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com