ASA 5540 not logging NAT TRANSLATION errors
Hello,
What would couse a ASA 5540 to not log NAT TRANSLATION ERRORS??
What would couse a ASA 5540 to not log NAT TRANSLATION ERRORS??
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Here is how logging is setup. I know at my previous job, I could look, on the syslog server, for the ino or warning.. cant remeber what the log was.. but I could see any NAT errors there. For these ASA's here, I am only getting an alert and critical.txt on the syslog server.
logging enable
logging timestamp
logging standby
logging buffer-size 1048576
logging asdm-buffer-size 512
logging console emergencies
logging monitor critical
logging buffered critical
logging trap critical
logging history emergencies
logging asdm debugging
logging mail emergencies
logging from-address ASA40A@xxxxx.com
logging recipient-address adminalerts@xxxxx.com level emergencies
logging device-id hostname
logging host inside 10.5.85.5
logging host inside txdal01002
logging permit-hostdown
logging class auth monitor debugging
logging class vpn monitor debugging
logging class vpnc monitor debugging
logging class vpnfo monitor debugging
logging class vpnlb monitor debugging
no logging message 302014
no logging message 304002
no logging message 304001
no logging message 302016
no logging message 302021
no logging message 302020
logging message 302014 level debugging
logging message 304002 level debugging
logging message 304001 level debugging
logging message 302016 level debugging
logging message 302021 level debugging
logging message 302020 level debugging
logging rate-limit 1500 1 level 0
logging rate-limit 10000 1 level 1
logging rate-limit 5000 1 level 2
logging rate-limit 1500 1 level 3
logging rate-limit 1500 1 level 4
logging rate-limit 750 1 level 5
logging rate-limit 1500 1 level 6
logging rate-limit 10000 1 level 7
logging enable
logging timestamp
logging standby
logging buffer-size 1048576
logging asdm-buffer-size 512
logging console emergencies
logging monitor critical
logging buffered critical
logging trap critical
logging history emergencies
logging asdm debugging
logging mail emergencies
logging from-address ASA40A@xxxxx.com
logging recipient-address adminalerts@xxxxx.com level emergencies
logging device-id hostname
logging host inside 10.5.85.5
logging host inside txdal01002
logging permit-hostdown
logging class auth monitor debugging
logging class vpn monitor debugging
logging class vpnc monitor debugging
logging class vpnfo monitor debugging
logging class vpnlb monitor debugging
no logging message 302014
no logging message 304002
no logging message 304001
no logging message 302016
no logging message 302021
no logging message 302020
logging message 302014 level debugging
logging message 304002 level debugging
logging message 304001 level debugging
logging message 302016 level debugging
logging message 302021 level debugging
logging message 302020 level debugging
logging rate-limit 1500 1 level 0
logging rate-limit 10000 1 level 1
logging rate-limit 5000 1 level 2
logging rate-limit 1500 1 level 3
logging rate-limit 1500 1 level 4
logging rate-limit 750 1 level 5
logging rate-limit 1500 1 level 6
logging rate-limit 10000 1 level 7
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, the trap was set to critical for whatever reason. I set it to notificational and am getting the nat trans log now.
it is possible to prune syslog messages on config, for example:
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
please check it the config