Enabling Cisco ASA Syslog through ASDM

Hello,  We have a CISCO ASA firewall that we manage with the ASDM Launcher.  We are trying to get this thing to send syslog messages to a syslog server we have, but have not had any luck.  I see under the configuration > device management tab a few syslog settings.  We have tried putting in the syslog server here, but are still not getting any messages.  Is there something I am missing?  Here is the running config from the firewall talking about logging:

logging enable
logging timestamp
logging standby
logging console emergencies
logging monitor emergencies
logging trap emergencies
logging asdm debugging
logging host management 192.168.203.223
mtu management 1500
delmarvamonkeyAsked:

3nerdsCommented:
You need to add:

logging host inside 192.168.203.223

assuming that 192.168.203.x network is connected to your inside interface.

Regards,

3nerds
0
MikeKaneCommented:
In the GUI, you would click Configuration > Device management > Logging > Syslog Servers. Then ADD a new entry and enter the IP of the server that is running the syslog services.
0

yashinchaladCommented:
please try "ping management 192.168.203.223" and confirm if it's accessible through management port or not.
accordingly modify the interface and add the IP.
rest all conf is fine
using ASA......
configuration->device mgmt->logging->syslog servers.
also check for logging filters.
0
delmarvamonkeyAuthor Commented:
So does the syslog server have to be on the same subnet as the interface?  Right now, it is sitting on a different vlan, but that interface should be able to route traffic, right?
0
3nerdsCommented:
It needs to be able to get to the syslog server and needs to know what device to go out to get there. The management port is special and has limitations. Which is why I was suggesting that you change your syslog to go out the inside interface instead of the management.

Good Luck,

3nerds
0
MikeKaneCommented:
The syslog can sit on any interface, on any subnet, just as long as the traffic from the firewall can reach it.    It can go on the inside, outside, across a VPN tunnel, anything really.  
0
delmarvamonkeyAuthor Commented:
If I use the packet tracer in the asdm for syslog from the interface to the syslog server, I get packet is dropped.  The info is: "(fo-standby) dropped by standby unit."
0
delmarvamonkeyAuthor Commented:
Also, I installed the syslog server on a machine on the same subnet as the interface, but I still don't get the messages to the syslog server.
0
MikeKaneCommented:
Do you have a failover unit?   If not, then you have this one sending out failover info....    

For the syslog issue: Make sure the syslog server is connected and can ping the firewall (can firewall ping the syslog server?).  Make sure your syslog server is set to accept incoming messages from the host interface and/or displays packets on screen as well.  

0
3nerdsCommented:
What do you have for code lines for logging in your config right now?

3nerds
0
delmarvamonkeyAuthor Commented:
There is a failover unit.  I just have the default config of Kiwi server installed, so I assume the server piece is working properly.  Here is the entire firewall context config
[config removed by Lunchy]
0
3nerdsCommented:
from the asdm please click tools --> Ping

Type in the syslog server IP in the Host name box
Select the zpicserver from the interface drop down
Select ping. What is the result?

Regards,

3nerds
0
delmarvamonkeyAuthor Commented:
Here is what that returns:

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.207.250, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
0
3nerdsCommented:
Perfect.

Try doing a port scan of that server, MS has one for free on their site and scan the server for port 514 UDP being open.

It should respond back with LISTENING or Filtered if it is functioning

Good Luck,

3nerds
0
delmarvamonkeyAuthor Commented:
I have syslog messages going to one server, however they can't get to the other.  The error message I get is:  Routing failed to locate next hop for upd from NP Identity Ifc:192.168.207.1 to zpicserver: 10.0.0.139:514
0
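Added example, not part of the original thread and not Cisco code: a Python check over the logging lines discussed above that reports the severity level forwarded to syslog servers and whether each `logging host` is routable out of the interface it is bound to. The function name `audit_logging`, the `logging host zpicserver 10.0.0.139` line (inferred from the error message above) and the /24 routing view are assumptions made for this example.

```python
import ipaddress

# Severity keywords accepted by `logging trap`; list index = numeric level.
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "informational", "debugging"]

def audit_logging(config, reachable):
    """Return findings for the syslog-server part of an ASA logging config.
    reachable maps nameif -> CIDRs routable out of that interface
    (connected subnet plus static routes); the caller supplies it."""
    enabled, trap, hosts, findings = False, None, [], []
    for line in config.splitlines():
        w = line.split()
        if w[:2] == ["logging", "enable"]:
            enabled = True
        elif w[:2] == ["logging", "trap"] and len(w) > 2:
            trap = w[2]
        elif w[:2] == ["logging", "host"] and len(w) > 3:
            hosts.append((w[2], w[3]))  # (nameif, server IP literal)
    if not enabled:
        findings.append("'logging enable' is missing")
    if trap is None:
        findings.append("no 'logging trap' line found")
    else:
        level = int(trap) if trap.isdigit() else (
            SEVERITIES.index(trap) if trap in SEVERITIES else None)
        if level == 0:
            # Cisco documents that the ASA generates no severity-0 messages,
            # so a trap level of 0 forwards nothing in practice.
            findings.append("logging trap %s: only severity 0 is forwarded" % trap)
    for nameif, ip in hosts:
        nets = [ipaddress.ip_network(n) for n in reachable.get(nameif, [])]
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            findings.append("%s: no route out of interface '%s'" % (ip, nameif))
    return findings

# Subset of the logging lines from the question, plus a constructed line for
# the second server named in the "Routing failed to locate next hop" error.
SAMPLE_CONFIG = """\
logging enable
logging trap emergencies
logging host management 192.168.203.223
logging host zpicserver 10.0.0.139
"""
# Constructed routing view: assumed /24 connected subnets, no static routes.
SAMPLE_REACHABLE = {"management": ["192.168.203.0/24"],
                    "zpicserver": ["192.168.207.0/24"]}
```

Calling `audit_logging(SAMPLE_CONFIG, SAMPLE_REACHABLE)` returns one finding for the trap level and one for the host with no route; a trap level such as `informational` plus a route covering 10.0.0.139 on the `zpicserver` interface clears both.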
LunchyCommented:
I've removed some sensitive information at the request of the question author.
http://www.experts-exchange.com/Q_24533925.html
Thank you,

Lunchy
Friendly Neighbourhood Community Support Moderator
0