ASA failover debugging to syslog server?

Posted on 2011-04-26
Last Modified: 2012-06-27

I'm trying to troubleshoot some failover problems with a couple of asa's and it would be nice to be able to send the traces to my syslog server.  Unfortunately, no matter what I do, they only go to the console.

Here's the relevant parts of the config.  What am I doing wrong?

FW1# sho run | incl log
access-list WEBHIS_IN extended permit udp object-group WEBHIS_SERVERS object-group SYSLOG_SERVERS eq syslog
logging enable
logging timestamp
logging list Authorization_Logging level informational class auth
logging list fo_list level debugging class ha
logging buffered debugging
logging trap fo_list
logging asdm informational
logging host inside
logging host inside
logging host inside

But when I

FW1 # debug fover rxip
FW1 # debug fover txip

It all still goes to console, and

$ tail -f /var/log/fw1

on the syslog server just sits there.  (and I am certain that the rsyslog.conf is set up correctly since it works with a general logging trap command.

What to do?



From console:

FW1# debug fover rxip    
fover event trace on
FW1# debug fover rxipfover_ip: fover_ip(): ifc 8 got Fover Msg ->
fover_ip: fover_ip(): ifc 8 got Fover Msg ->
fover_ip: fover_ip(): ifc 8 got Fover Msg ->
tfover_ip: fover_ip(): ifc 1 ->
fover_ip: fover_ip(): ifc 1 got FHELLO
fover_ip: fover_ip(): ifc 8 got Fover Msg ->
fover_ip: fover_ip(): ifc 8 got Fover Msg ->
fover_ip: fover_ip(): ifc 8 got Fover Msg ->
xipfover_ip: fover_ip(): ifc 8 got Fover Msg ->

fover event trace on
FW1# fover_ip: fover_ip(): ifc 8 got Fover Msg ->
fover_ip: fover_ip(): ifc 8 got Fover Msg ->
Question by:mlnpscda
    LVL 3

    Accepted Solution

    please add the logging debug-trace command to send to syslog.

    Author Closing Comment

    perfect.  thanks.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now