Cisco ASA Syslog Configuration

The Cisco ASA firewall generates syslog messages for many different events. For example, interfaces going up or down, security alerts, debug information and more. We can configure the ASA to tell it how much and where to store logging information.

Before you configure logging, make sure your clock has been configured.

Let’s take a look at our configuration options.

Configuration

First, make sure logging is enabled:

ASA1(config)# logging enable

Logging to SSH or Telnet

We’ll start by looking at logging on SSH or telnet sessions. Let’s see what level of logging options we have:

ASA1(config)# logging monitor ?

configure mode commands/options:
  <0-7>          Enter syslog level (0 - 7)
  WORD           Specify the name of logging list
  alerts         Immediate action needed           (severity=1)
  critical       Critical conditions               (severity=2)
  debugging      Debugging messages                (severity=7)
  emergencies    System is unusable                (severity=0)
  errors         Error conditions                  (severity=3)
  informational  Informational messages            (severity=6)
  notifications  Normal but significant conditions (severity=5)
  warnings       Warning conditions                (severity=4)

The logging monitor command configures the level of logging that we want to use. For example, when you select debugging (level 7) then it will log all lower levels as well. If you select “errors” then it will only log level 3,2,1 and 0. We will select debugging so that we can see debug messages on our telnet or SSH session:

ASA1(config)# logging monitor debugging

The logging level has been configured but we still need to enable logging, here’s how:

ASA1(config)# terminal monitor

This enables logging up to the debug level on your telnet or SSH session. Let’s continue with another example…

Logging to Internal Buffer

The ASA has an internal buffer that we can use for syslog messages. By default it’s enabled so let’s enable it:

ASA1(config)# logging buffered warnings

This will log all syslog messages with level “warnings” or lower to the internal buffer. We can also configure the size of the internal buffer:

ASA1(config)# logging buffer-size 8192

By default it’s only 4KB, I changed it to 8KB with the logging buffer-size command. Let’s see if we can find some syslog information in our internal buffer. Here’s an example how we can test it:

ASA1(config)# interface E0/0
ASA1(config-if)# shutdown
ASA1(config-if)# no shutdown

Shutting an interface is something that will be logged. Now use the show logging command to view the log:

ASA1# show logging 
Syslog logging: enabled
    Facility: 20
    Timestamp logging: disabled
    Standby logging: disabled
    Debug-trace logging: disabled
    Console logging: disabled
    Monitor logging: level debugging, 32 messages logged
    Buffer logging: level warnings, 3 messages logged
    Trap logging: disabled
    Permit-hostdown logging: disabled
    History logging: disabled
    Device ID: disabled
    Mail logging: disabled
    ASDM logging: disabled
%ASA-4-411003: Interface Ethernet0/1, changed state to administratively down
%ASA-4-411001: Line protocol on Interface Ethernet0/1, changed state to up

You can see the logging settings but also two entries at the bottom…the interface going down and up. Let’s try something else now…

Logging to console

We can log syslog messages to the console like this:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now!

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 801 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)
506 Sign Ups in the last 30 days
satisfaction-guaranteed

  • 100% Satisfaction Guaranteed!
  • You may cancel your monthly membership at any time.
  • No Questions Asked!

Tags: ,


Forum Replies

  1. Hi,
    Can you explain what is logging list ?
    And what if we need some message from level informational and notifications

    Thanks

  2. Hello Sims

    The logging list that you can add can create a list of logging levels that are not continuous. In other words, you can create a logging list called “my_logging_list” and define which levels of messages you want to include. For example, you can include severity levels 2, 5 and 7.

    So if you want to just see the information and notifications levels as you mentioned, you can do this using a logging list.

    I hope this has been helpful!

    Laz

  3. Thank you Rene… Always great lessons to learn…
    question #1:

    ASA1(config)# logging mail alerts
    ASA1(config)# logging from-address asa@networklessons.com
    ASA1(config)# logging recipient-address info@networklessons.com
    ASA1(config)# smtp-server 192.168.1.1
    
    • I understand that the logging recipient-address can be an individual but What will the logging-from address be? Do we configure the ASA to own an email address? and how? (I mean, who owns the asa@networklessons.com address in this case?)

    Question #2:
    ASA1(config)# logging asdm debugging
    I understand that the

    ... Continue reading in our forum

  4. Hello Ayong

    In order to use this feature, you must also have an SMTP email server. In this case, the ASA is functioning as an email client. The SMTP server used in this configuration has an IP address of 192.168.1.1.

    ... Continue reading in our forum

  5. Thank you so much Laz. That clarifies my doubts.

7 more replies! Ask a question or join the discussion by visiting our Community Forum