COMPGROUPS.NET | Search | Post Question | Groups | Stream | About | Register

logging level on asa

  • Follow


Hi,

We've configured a syslog server where our ASA 5510 can log to.
A trap is configured like"logging trap errors".

However, our syslog server gets flooded with messages as shown below :

%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/3630 to
213.207.99.248/445 flags SYN on interface outside (Message repeated 2
times)
%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/2671 to
213.207.99.248/445 flags SYN on interface outside
%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/6822 to
213.207.99.248/445 flags SYN on interface outside

As we had a pix before, the logging level was configured at logging
trap notifications but it seems that the asa uses different levels for
some log entries ?

I just can't imagine the only reasonably logging level is "error".

Any comments on this ?

GR

Sebastian
0
Reply relaxteb (2) 5/15/2006 8:06:53 AM 

In article <1147680413.302792.315270@g10g2000cwb.googlegroups.com>,
Sebas <relaxteb@gmail.com> wrote:
>We've configured a syslog server where our ASA 5510 can log to.
>A trap is configured like"logging trap errors".

>However, our syslog server gets flooded with messages as shown below :

>%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/3630 to
>213.207.99.248/445 flags SYN on interface outside (Message repeated 2
>times)

>I just can't imagine the only reasonably logging level is "error".

I haven't had a chance to work with ASA, so I don't know why
that is happening. Sounds like a bug to me.

The PIX and ASA command languages are the same, so I suggest
that you experiment with changing the logging level on individual
messages. In PIX 6.2/6.3, that would be via
"logging message 106001 level 4" (or something similar)

Is it possible that somehow all the messages got changed from
their default logging level to level 2?
0
Reply roberson 5/15/2006 4:32:07 PM 


Hi Walter,

That command was just what i needed to know.
I see i made a mistake in my case description, the level configured was
warning and not error.

I've moved 2 entries :
logging message 106001 level 5
logging message 106023 level 5

Now we have what we want.

Many thanks !

Sebastian
0
Reply Sebas 5/29/2006 1:36:27 PM
comp.dcom.sys.cisco 24755 articles. 23 followers.

2 Replies
351 Views

(page loaded in 0.051 seconds)

Similiar Articles:

Ping from ASA to remote network over VPN - comp.dcom.sys.cisco ...
From the ASA, I can't ping hosts on the remote ... interface Ethernet0/0 nameif outside security-level ... changed to > protect the innocent... > Turn up logging ...

VPN ASA Authentication to MS CA - comp.dcom.sys.cisco
I am performing user authentication ... certain IP ranges - comp.os.ms-windows ... Restricting VPN ... ... logging level on asa - comp.dcom ...

ASA 5510 multiple outside networks multiple IP - comp.dcom.sys ...
ASA 5510 multiple outside networks multiple IP - comp.dcom.sys ... WCCP on ASA & traffic between physical interfaces on ASA ... ASA 5510 log messages %ASA-4-419002 ...

Privilege level for VPN Access - comp.dcom.sys.cisco
Cisco ASA 5510 WebVPN SSL - comp.dcom.sys.cisco logging level on asa - comp.dcom.sys.cisco Ping from ASA to remote network over VPN - comp.dcom.sys.cisco ...

Best way to do multiple NAT statements on ASA - comp.dcom.sys ...
I think that you even can try to use same security level for all DMZs to ... (Cisco 2811 router) - comp ... logging level on asa - comp.dcom.sys.cisco Best way to do ...

ISAKMP duplicate packets - comp.dcom.sys.cisco
Netflow - Duplicate Packets or Flows - comp.dcom.sys.cisco ..... has the ability to ... logging level on asa - comp.dcom.sys.cisco Problem with IPSEC VPN - comp.dcom ...

How to manage security in a multi file solution in fm8 - comp ...
All interface files could automatically open using a low level user password ... Automatically generating password for passwd - comp.sys.hp.hpux ... logging level on asa ...

SNMP Traps to Syslog with increased severity - comp.dcom.sys.cisco ...
In PIX/ASA you would use logging message ID level LEVEL But I don't recall PIX ever complaining about multicast heartbeat, so probably you aren't using PIX.

Active FTP on PIX not functioning - comp.dcom.sys.cisco
And then, you may want to up the logging level on the pix, and check the log on why. ... Active FTP on PIX not functioning - comp.dcom.sys.cisco PASV FTP through ASA ...

WCCP on ASA & traffic between physical interfaces on ASA - comp ...
I have enabled traffic between interfaces on same security level as WAAS and ... WCCP on ASA & traffic between physical interfaces on ASA ... ASA 5510 log messages %ASA-4 ...

Fine-Tuning Logging Message Generation > Cisco ASA and PIX ...
Cisco ASA and PIX Firewall Logging ... After you have chosen and configured severity levels for logging destinations ...

logging in ASA - Cisco Support Community - Cisco Systems, Inc
For this first find the message ids for the ftp related connections from ASA logs then create message list based on that. ex: logging list my_CRITICAL level warnings

7/21/2012 1:23:52 AM


Reply:



Privacy Policy | All Times Are GMT(UTC) | powered by