Solved

Configuring ASA5510 to send logs to Kiwi syslog server

Posted on 2014-02-19
6
2,933 Views
Last Modified: 2014-02-19
I am trying to send logs to my Kiwi Syslog server, but I must be doing something wrong.  If you look a the "show logging" output,  I am getting asdm logs, but no logs sent to my Kiwi server.  

ASA5510# show logging
Syslog logging: enabled
    Facility: 20
    Timestamp logging: enabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: disabled
    Buffer logging: disabled
    Trap logging: level errors, facility 20, 0 messages logged
        Logging to inside 172.31.252.63
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: level informational, 36911019 messages logged

Any ideas?
0
Comment
Question by:denver218
  • 3
  • 2
6 Comments
 
LVL 18

Expert Comment

by:Akinsd
ID: 39870312
Is 172.31.252.63 your KIWI server?

Show run logging
0
 
LVL 4

Author Comment

by:denver218
ID: 39870343
Yes it is my kiwi server and i can ping it from the ASA.

ASA5510# show run logging
logging enable
logging timestamp
logging trap errors
logging asdm informational
logging host inside 172.31.252.63
logging permit-hostdown
no logging message 106015
no logging message 313001
no logging message 313008
no logging message 106023
no logging message 710003
no logging message 106100
no logging message 302015
no logging message 302014
no logging message 302013
no logging message 302018
no logging message 302017
no logging message 302016
no logging message 302021
no logging message 302020
0
 
LVL 9

Accepted Solution

by:
ffleisma earned 250 total points
ID: 39870345
first check if logging server is reachable via ping 172.31.252.63

check if you are using the same UDP port 514 (although this is default) for the logging server and the ASA

another thing, which particular logs are you looking for on the syslog server? you might want to adjust the settings on the ACL you are trying to monitor and match it with the trap setting. i can see the trap logging is set to level errors. either adjust the logging level on the ACL or the trap level.

access-list inside_access_in line 1 extended permit ip any any log 3 interval 300
logging
hope this helps and let us know if you have any further questions
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 18

Assisted Solution

by:Akinsd
Akinsd earned 250 total points
ID: 39870373
packet-tracer input inside udp ip.of.asa 514 172.31.252.63 514 de

Focus more on phase 2 (ACL).
That should tell if the ASA is filtering the packet
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 39871230
Thanks guys, it works now.  I didn't change anything, but when I came back from lunch I saw logs from the ASA in the Kiwi server.  Its been sending logs since.  Thanks.
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39872073
Excellent!
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
capture pcap with filtered traffic 1 65
Stuck in INIT/DROTHER 2 26
Provisioning vcpu for VM (cisco virl) 4 36
eigrp routing loop 5 42
If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question