From tcpdump I get lines like these, and I can see ICMP unreachable messages, but from Graylog to Cisco ASA, I think they're not relevant:

10:22:44.814404 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
10:22:44.814445 IP GRAYLOG > Cisco-ASA: ICMP GRAYLOG udp port syslog unreachable, length 202
10:22:49.823279 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
10:22:49.823313 IP GRAYLOG > Cisco-ASA: ICMP GRAYLOG udp port syslog unreachable, length 202
10:22:54.823912 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
10:22:54.823953 IP GRAYLOG > Cisco-ASA: ICMP GRAYLOG udp port syslog unreachable, length 202
10:22:59.823951 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
10:22:59.823981 IP GRAYLOG > Cisco-ASA: ICMP GRAYLOG udp port syslog unreachable, length 202
10:23:04.831671 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
10:23:04.831710 IP GRAYLOG > Cisco-ASA: ICMP GRAYLOG udp port syslog unreachable, length 202
10:23:09.832059 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
10:23:09.832085 IP GRAYLOG > Cisco-ASA: ICMP GRAYLOG udp port syslog unreachable, length 202

On Friday, April 24, 2015, 10:16:25 (UTC-3), [email protected] wrote:
>
> Not now....my Indices section is green without failures...any idea
> please??? Thanks again.
>
> On Friday, April 24, 2015, 10:01:45 (UTC-3), Fisz wrote:
>>
>> Do you have some indexer failures in graylog?
>>
>> On Friday, April 24, 2015 at 2:14:28 PM UTC+2, [email protected] wrote:
>>>
>>> Dear, I've read the link about ASA's remote logging but it's the same
>>> as I've done.
>>>
>>> The problem is that a lot of ASA logs come to my Graylog server, I see
>>> them with tcpdump, but just a small part of them are displayed on the web
>>> interface....Is it possible that not all the logs are displayed for some
>>> reason I don't know???
>>>
>>> Thanks a lot!!!
>>>
>>> On Friday, April 24, 2015, 3:16:24 (UTC-3), Fisz wrote:
>>>>
>>>> Hi,
>>>> There are many ways of sending logs from ASA. For example, you can send
>>>> different logs to ASA ASDM, and different ones to a syslog server. This topic
>>>> might interest you:
>>>> http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/63884-config-asa-00.html
>>>>
>>>> On Thursday, April 23, 2015 at 3:22:32 PM UTC+2, [email protected] wrote:
>>>>>
>>>>> Dear, I have Graylog 1.0.1 installed on a Debian Wheezy box.
>>>>> Everything works OK, except the Cisco ASA incoming logs.
>>>>>
>>>>> When I'm in the Graylog terminal, I execute tcpdump pointing to the Cisco ASA
>>>>> IP, and I can see a lot of incoming logs....but when I'm in the Graylog
>>>>> web interface, and choose the Cisco ASA source, there are only a few logs.
>>>>>
>>>>> What can be the problem with this situation???
>>>>>
>>>>> Thanks a lot,
>>>>>
>>>>> Roberto.
>>>>>
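A host answers a UDP datagram with ICMP "port unreachable" when no socket is bound to that port or a local firewall rule rejects it, so pairing each syslog datagram in a capture with such a reply shows how many never reached a listener. The following is an added example, not part of the original thread; the names `classify` and `seconds`, the 0.5 s pairing window and the sample lines are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the shape of the tcpdump output quoted in the thread;
# the last datagram deliberately has no ICMP reply.
SAMPLE = """\
10:22:44.814404 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
10:22:44.814445 IP GRAYLOG > Cisco-ASA: ICMP GRAYLOG udp port syslog unreachable, length 202
10:22:49.823279 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
10:22:49.823313 IP GRAYLOG > Cisco-ASA: ICMP GRAYLOG udp port syslog unreachable, length 202
10:23:30.000000 IP Cisco-ASA.syslog > GRAYLOG.syslog: SYSLOG local4.warning, length: 166
"""

SYSLOG = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\S+) > (\S+)\.(\S+): SYSLOG ")
UNREACH = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+) > (\S+): ICMP (\S+) udp port (\S+) unreachable")

def seconds(h, m, s):
    return int(h) * 3600 + int(m) * 60 + float(s)

def classify(capture, window=0.5):
    """Count syslog datagrams that drew an ICMP port-unreachable vs. those that did not."""
    pending = []  # (time, sender, receiver, port) still waiting for a possible ICMP error
    result = Counter()
    for line in capture.splitlines():
        m = SYSLOG.match(line)
        if m:
            pending.append((seconds(*m.group(1, 2, 3)), m.group(4), m.group(6), m.group(7)))
            continue
        m = UNREACH.match(line)
        if not m:
            continue
        t = seconds(*m.group(1, 2, 3))
        icmp_src, icmp_dst, port = m.group(4), m.group(5), m.group(7)
        for p in pending:  # the ICMP error travels receiver -> sender, for the same port
            if p[1] == icmp_dst and p[2] == icmp_src and p[3] == port and 0 <= t - p[0] <= window:
                pending.remove(p)
                result["rejected"] += 1
                break
    result["unanswered"] = len(pending)  # no ICMP error seen inside the window
    return result

if __name__ == "__main__":
    print(classify(SAMPLE))
```

A datagram counted as `unanswered` only means no ICMP error was captured for it; on the receiving host, `ss -uln` shows whether anything is bound to the syslog port.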
