logging level on asa


We've configured a syslog server where our ASA 5510 can log to. A trap is configured like "logging trap errors".

However, our syslog server gets flooded with messages as shown below:

%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/3630 to flags SYN on interface outside (Message repeated 2 times)
%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/2671 to flags SYN on interface outside
%ASA-2-106001: Inbound TCP connection denied from x.x.x.x/6822 to flags SYN on interface outside

As we had a PIX before, the logging level was configured at logging trap notifications, but it seems that the ASA uses different levels for some log entries?

I just can't imagine the only reasonable logging level is "error".

Any comments on this?




I haven't had a chance to work with ASA, so I don't know why that is happening. Sounds like a bug to me.

The PIX and ASA command languages are the same, so I suggest that you experiment with changing the logging level on individual messages. In PIX 6.2/6.3, that would be via "logging message 106001 level 4" (or something similar).

Is it possible that somehow all the messages got changed from their default logging level to level 2?

Walter Roberson

Hi Walter,

That command was just what I needed to know. I see I made a mistake in my case description: the level configured was warning and not error.

I've moved 2 entries:
logging message 106001 level 5
logging message 106023 level 5

Now we have what we want.

Many thanks!
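
Added example, not written by anyone in this thread: a small Python script that tallies the %ASA-<level>-<id> headers in a syslog capture, shows which message IDs pass a given "logging trap" level, and prints the per-message "logging message <id> level <n>" commands discussed above for the noisy ones. The function names, the min_count threshold and the sample lines (documentation addresses) are assumptions made for the illustration.

```python
import re
from collections import Counter

# Severity keywords accepted by "logging trap"; the list index is the numeric level.
LEVELS = ["emergencies", "alerts", "critical", "errors",
          "warnings", "notifications", "informational", "debugging"]
MSG_RE = re.compile(r"%(?:ASA|PIX)-(\d)-(\d{6}):")
REPEAT_RE = re.compile(r"\(Message repeated (\d+) times?\)")

def tally(lines):
    """Count occurrences per (severity, message_id)."""
    counts = Counter()
    for line in lines:
        hits = list(MSG_RE.finditer(line))
        for i, m in enumerate(hits):
            # A collector may run several messages together on one line.
            end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
            rep = REPEAT_RE.search(line, m.end(), end)
            # Assumption: "(Message repeated N times)" stands for N occurrences.
            counts[(int(m.group(1)), m.group(2))] += int(rep.group(1)) if rep else 1
    return counts

def forwarded(counts, trap):
    """Entries whose severity number is at or below the trap level's number."""
    limit = LEVELS.index(trap)
    return {key: n for key, n in counts.items() if key[0] <= limit}

def suggest(counts, trap, min_count):
    """Commands that move noisy forwarded IDs one level past the trap level."""
    new_level = LEVELS.index(trap) + 1
    if new_level >= len(LEVELS):  # trap is "debugging": nothing is filtered out
        return []
    noisy = sorted(mid for (_, mid), n in forwarded(counts, trap).items()
                   if n >= min_count)
    return [f"logging message {mid} level {new_level}" for mid in noisy]

# Constructed sample lines, not taken from a real device.
SAMPLE = [
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.10/3630 to "
    "198.51.100.5/445 flags SYN on interface outside (Message repeated 2 times)",
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.11/2671 to "
    "198.51.100.5/445 flags SYN on interface outside "
    "%ASA-2-106001: Inbound TCP connection denied from 192.0.2.12/6822 to "
    "198.51.100.5/445 flags SYN on interface outside",
    '%ASA-4-106023: Deny tcp src outside:192.0.2.13/4000 dst '
    'inside:198.51.100.5/23 by access-group "outside_in"',
    "%ASA-6-302013: Built inbound TCP connection 1 for outside:192.0.2.14/5000",
]

if __name__ == "__main__":
    for cmd in suggest(tally(SAMPLE), "warnings", min_count=2):
        print(cmd)
```

A message moved past the trap level is no longer sent to the syslog server, so check whether any detection or reporting depends on those deny events before reclassifying them.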

