Difference Between SYSLOG / TCP DUMP/DEBUG messages etc

Posted on 2011-10-24
Last Modified: 2012-05-12

In ASA Firewall What would we get through

a) Captures output
b) SysLog events
c) Debug Messages
d)show conn output

The above services are appear to be similar but very helpfull
so that will you provide the differences


Question by:RAMU CH
    LVL 18

    Accepted Solution

    I believe "capture output" may be the packet-capture utility, which I can't say I've ever used. I'm sure you can find information on that.  

    Syslog will depend on what level you're logging, from 0 (emergencies) up to 7 (debugging).  Most of the time I see logging set to either level 5 (notifications) or level 6 (informational). These are system messages about what is happening (connection established, etc.).  I would say you should always be logging at least some information about what's happening on the ASA.

    Debug messages will depend on what you're debugging.  On a production system, be VERY careful about what you debug, you can bog the box down.  The classic example is "debug ip packet" on an IOS router --- very bad idea.  Typically you want to debug only if you're having a specific problem, as in "debug crypto isakmp" to identify why an ISAKMP session is not establishing.  Once you're done, turn it off.

    "Show conn" will show you all connections through the ASA including the 5-part tuple (protocol, source IP, source port, destination IP, destination port), e.g.:

    ASA# show conn
    57 in use, 244 most used
    UDP outside x.x.x.x:123 inside, idle 0:01:38, bytes 48, flags -
    TCP outside y.y.y.y:443 inside, idle 0:00:32, bytes 3864, flags UIO
    TCP outside y.y.y.y:443 inside, idle 0:00:32, bytes 3896, flags UIO

    Author Closing Comment

    by:RAMU CH

    Featured Post

    Live: Real-Time Solutions, Start Here

    Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

    Join & Write a Comment

    There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
    Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
    Internet Business Fax to Email Made Easy - With eFax Corporate (, you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
    This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now