Friday, 19 October 2012

Cisco ASA - Real Time Logging not displaying all traffic

I had a problem where I needed to use the ASA real time logging, but when I came to do so I could not see any traffic other than the PAT traffic; the NAT traffic was not being logged. This article is built thanks to the help I received from Journi Forss at Cisco Support.

Real Time Logging


Here you can see the real time logging is only showing the PAT traffic. I cannot see the correct ports that are actually being translated; I am only seeing the PAT ports that are in use.

Dynamic Translation


Here you can see that I am only seeing the dynamic translations, which are the PAT traffic.

Check Logging on the ASA


The next step was to check what logging was configured on the ASA, so I issued the show run logging command, and in the output I could see that several syslog IDs were disabled. The range from 30214 to 20218, which is the range for logging NAT traffic, is the reason why I could not see the information I needed.

Enable SysLog ID


The next step was to enable the syslog IDs for logging again, so I issued the command logging message 30215 and did this for each syslog ID I required.

Correct Logging


Now when I use the real time logging I can see the correct NAT traffic and the ports in use, so I can perform the debugging I needed.
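
The check-and-re-enable steps above can be scripted when many IDs are disabled. The following is an added example, not part of the original post: it reads saved show run logging output, lists the IDs suppressed with no logging message, and builds the matching logging message lines. The sample output and the function names are constructed for illustration.

```python
import re

# Constructed sample of `show run logging` output. The IDs are taken from the
# range the post mentions and are illustrative, not a capture from a device.
SAMPLE_SHOW_RUN_LOGGING = """\
logging enable
logging timestamp
logging asdm informational
no logging message 30214
no logging message 30215
no logging message 30216
logging message 30217 level debugging
"""

# Only the `no` form disables a message; `logging message <id> level <lvl>`
# changes its severity and leaves it enabled, so it must not match.
DISABLED = re.compile(r"^\s*no logging message (\d+)\s*$")


def disabled_ids(show_run_logging):
    """Return the sorted syslog IDs suppressed with `no logging message <id>`."""
    ids = set()
    for line in show_run_logging.splitlines():
        match = DISABLED.match(line)
        if match:
            ids.add(int(match.group(1)))
    return sorted(ids)


def reenable_commands(show_run_logging, wanted=None):
    """Build the `logging message <id>` lines that re-enable disabled IDs.

    `wanted` optionally restricts the result to the IDs you actually need,
    so messages that were disabled on purpose to cut noise stay disabled.
    """
    ids = disabled_ids(show_run_logging)
    if wanted is not None:
        keep = set(wanted)
        ids = [i for i in ids if i in keep]
    return ["logging message %d" % i for i in ids]


if __name__ == "__main__":
    for command in reenable_commands(SAMPLE_SHOW_RUN_LOGGING):
        print(command)
```

Review the generated lines before pasting them into configuration mode, and pass wanted when only some of the disabled messages are needed for the debugging session.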

