Difference Between SYSLOG / TCP DUMP / DEBUG Messages, etc.


In an ASA firewall, what would we get through:

a) Captures output
b) Syslog events
c) Debug messages
d) show conn output

The above services appear to be similar but very helpful,
so will you provide the differences?


1 Solution
jmeggers (Sr. Network and Security Engineer) commented:
I believe "capture output" may be the packet-capture utility, which I can't say I've ever used. I'm sure you can find information on that.  

Syslog will depend on what level you're logging, from 0 (emergencies) up to 7 (debugging).  Most of the time I see logging set to either level 5 (notifications) or level 6 (informational). These are system messages about what is happening (connection established, etc.).  I would say you should always be logging at least some information about what's happening on the ASA.

Debug messages will depend on what you're debugging.  On a production system, be VERY careful about what you debug, you can bog the box down.  The classic example is "debug ip packet" on an IOS router --- very bad idea.  Typically you want to debug only if you're having a specific problem, as in "debug crypto isakmp" to identify why an ISAKMP session is not establishing.  Once you're done, turn it off.

"Show conn" will show you all connections through the ASA including the 5-part tuple (protocol, source IP, source port, destination IP, destination port), e.g.:

ASA# show conn
57 in use, 244 most used
UDP outside x.x.x.x:123 inside, idle 0:01:38, bytes 48, flags -
TCP outside y.y.y.y:443 inside, idle 0:00:32, bytes 3864, flags UIO
TCP outside y.y.y.y:443 inside, idle 0:00:32, bytes 3896, flags UIO
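
The severity filtering described in the answer above, as an added example that is not part of the original post: it parses the %ASA-<level>-<id> tag and shows which messages a collector receives at logging level 5 versus 6. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Severity names for levels 0-7, as listed in the answer (0 is most severe).
SEVERITY = ["emergencies", "alerts", "critical", "errors",
            "warnings", "notifications", "informational", "debugging"]

# ASA syslog messages carry severity and message ID in a %ASA-<level>-<id> tag.
TAG = re.compile(r"%ASA-(?P<level>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)")

# Constructed sample lines using documentation addresses, not real device output.
SAMPLE = [
    '%ASA-4-106023: Deny tcp src outside:203.0.113.9/51515 dst '
    'inside:192.0.2.10/22 by access-group "OUTSIDE_IN" [0x0, 0x0]',
    "%ASA-5-111008: User 'admin' executed the 'debug crypto isakmp' command.",
    "%ASA-6-302013: Built inbound TCP connection 1001 for "
    "outside:203.0.113.9/51516 (203.0.113.9/51516) to "
    "inside:192.0.2.10/443 (192.0.2.10/443)",
    "%ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.9/51516 "
    "to inside:192.0.2.10/443 duration 0:00:32 bytes 3864 TCP FINs",
    "%ASA-7-609001: Built local-host outside:203.0.113.9",
]


def parse(line):
    """Return level, severity name, message ID and text, or None if untagged."""
    m = TAG.search(line)  # search() tolerates a timestamp/hostname prefix
    if m is None:
        return None
    level = int(m["level"])
    return {"level": level, "severity": SEVERITY[level],
            "msgid": m["msgid"], "text": m["text"]}


def visible_at(lines, configured_level):
    """Message IDs sent when logging is set to configured_level.

    A message is emitted when its severity number is <= the configured level,
    so a lower setting silently drops the higher-numbered messages.
    """
    parsed = (parse(line) for line in lines)
    return [p["msgid"] for p in parsed if p and p["level"] <= configured_level]


if __name__ == "__main__":
    for level in (5, 6, 7):
        print(f"level {level} ({SEVERITY[level]}):", visible_at(SAMPLE, level))
```

At level 5 the connection build and teardown messages (level 6) never reach the collector, which matters if those records are needed for incident reconstruction.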