The ASA should send its logging to as many syslog servers as you configure. Is this a production environment? Most likely what Piotr said. By the way I didn't know that you can see the locally generated traffic on ASA with captures.
From: Piotr Matusiak [mailto:[email protected]]
Sent: Tuesday, June 26, 2012 12:19 PM
To: parvez ahmad; Eugene Pefti
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] ASA with two Syslog Server

Seems like a routing issue or filtering somewhere in the middle. Anyway, you can capture that traffic on ASA. Try this (change your interface depending on where your SYSLOG is):

    ciscoasa(config)# access-li SYSLOG per udp any eq 514 any eq 514
    ciscoasa(config)# capture TEST type raw-data interface inside access-list SYSLOG
    ciscoasa(config)# sh cap TEST
    2 packets captured
       1: 00:04:11.419060 10.1.1.10.514 > 10.1.1.1.514: udp 69
       2: 00:04:11.456580 10.1.1.10.514 > 10.1.1.1.514: udp 107
    2 packets shown

Regards,
Piotr

From: parvez ahmad
Sent: Tuesday, June 26, 2012 8:35 PM
To: Eugene Pefti
Cc: [email protected]
Subject: Re: [OSL | CCIE_Security] ASA with two Syslog Server

Hello,

The number of messages is increasing (checked with the sh logging command), but one of the syslog servers is not getting logs. How can we ensure that the ASA is sending the syslogs to both syslog servers?

Regards
Parvez

On Tue, Jun 26, 2012 at 1:46 PM, Eugene Pefti <[email protected]> wrote:

See below number of messages in red. If your ASA is configured correctly then they should increment.

    5510-ASA# sh logging
    Syslog logging: enabled
        Facility: 20
        Timestamp logging: enabled
        Standby logging: disabled
        Debug-trace logging: disabled
        Console logging: level errors, 5312 messages logged
        Monitor logging: disabled
        Buffer logging: level informational, 135581860 messages logged
        Trap logging: level warnings, facility 20, 69388 messages logged
            Logging to inside 192.168.14.4 errors: 1 dropped: 1
            Logging to inside 192.168.14.5 errors: 2535 dropped: 9164

From: parvez ahmad <[email protected]>
Date: Monday, June 25, 2012 11:19 PM
To: "[email protected]" <[email protected]>
Subject: [OSL | CCIE_Security] ASA with two Syslog Server

Hello,

We have configured the ASA as per the below.

Outside------ASA----Inside

We have one more interface, DMZ, with security level 50, and have two syslog servers: one is inside and the other is in the DMZ. I have configured the ASA to send syslog to these servers. How can I check that the ASA is sending syslog to these servers on UDP port 514? Show snmp-server statistics is not that much helpful; I just wanted to know another way to check it.

Regards,
Parvez

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
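Added example, not part of the thread or any participant's reply: a small Python check that compares two `sh logging` snapshots and reports, per syslog destination, whether the `errors` / `dropped` counters grew while the trap message count was incrementing. It assumes the line format quoted in the thread; the first snapshot reuses the thread's counters, the second snapshot is constructed, and reading a rising counter as a local delivery failure is an assumption.

```python
import re

# Line formats taken from the `sh logging` output quoted in the thread.
HOST_RE = re.compile(r"Logging to (\S+) (\d{1,3}(?:\.\d{1,3}){3})"
                     r"(?:\s+errors:\s*(\d+))?(?:\s+dropped:\s*(\d+))?")
TRAP_RE = re.compile(r"Trap logging:.*?(\d+) messages logged")

# First snapshot: counters from the thread. Second snapshot: constructed values.
SNAP_1 = """Trap logging: level warnings, facility 20, 69388 messages logged
    Logging to inside 192.168.14.4 errors: 1 dropped: 1
    Logging to inside 192.168.14.5 errors: 2535 dropped: 9164"""
SNAP_2 = """Trap logging: level warnings, facility 20, 69410 messages logged
    Logging to inside 192.168.14.4 errors: 1 dropped: 1
    Logging to inside 192.168.14.5 errors: 2541 dropped: 9186"""


def parse_show_logging(text):
    """Return (trap message count or None, {host: (errors, dropped)})."""
    trap = TRAP_RE.search(text)
    hosts = {m.group(2): (int(m.group(3) or 0), int(m.group(4) or 0))
             for m in HOST_RE.finditer(text)}
    return (int(trap.group(1)) if trap else None), hosts


def compare(before, after):
    """Classify each syslog destination between two snapshots."""
    trap_a, hosts_a = parse_show_logging(before)
    trap_b, hosts_b = parse_show_logging(after)
    generated = (trap_b or 0) - (trap_a or 0)
    report = {}
    for host, (err, drop) in hosts_b.items():
        old_err, old_drop = hosts_a.get(host, (0, 0))
        d_err, d_drop = err - old_err, drop - old_drop
        if generated <= 0:
            status = "no-new-messages"  # nothing to judge; trigger a log event first
        elif d_err > 0 or d_drop > 0:
            status = "failing"          # assumption: ASA counted a send error or drop
        else:
            status = "ok-locally"       # no local error; loss in transit is still possible
        report[host] = {"status": status, "new_errors": d_err, "new_dropped": d_drop}
    return generated, report


if __name__ == "__main__":
    generated, report = compare(SNAP_1, SNAP_2)
    print(f"{generated} new trap messages")
    for host, row in report.items():
        print(host, row)
```

A destination reported as `ok-locally` can still be losing packets to routing or filtering on the path, which is what the capture on the egress interface suggested in the thread is for.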
