Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
1. Logging buffered and the Syslog server will show logs in RFC3164 (Sep 23 2021 23:49:32 ) and RFC5424 (2021-09-23T23:49:36Z) for messages produced by the firewall context after enabling logging timestamp RFC5424. 2. The standby context will show the same inconsistency in the timestamps of the log. 3. There is a high possibility that a firewall context, that does not have RFC5424 enabled, will produce logs in RFC5424 format as well. 4. Active or Standby context might produce more consistent or inconsistent timestamp logs in comparison to each other.
1. ASA in multi-context with Failover enabled in active/standby mode. 2. Logging timestamp RFC5424 is enabled 3. Logging standby is enabled asa/myActiveContext/pri/act# sh run logging logging enable logging timestamp rfc5424 logging standby
Disable logging timestamp RFC5424 and logging standby
In a multi-context firewall with failover in active/standby scenario, it has been observed that when 'logging timestamp RFC5424' is enabled, the firewall context will inconsistently produce logs using RFC5424 (2021-09-23T23:49:36Z) and/or RFC3164 (Sep 23 2021 23:49:35), when we only expect to see them in RFC5424. i.e. 'show logging' from the local buffer will show a similar output as below from the active or standby context. 2021-09-24T00:48:30Z myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:30Z myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:31 myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:31 myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:32Z myActiveContext : %ASA-7-111009: User 'enable_15' executed cmd: show logging 2021-09-24T00:48:32Z myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:32Z myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:33 myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:33 myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:34Z myActiveContext : %ASA-7-111009: User 'enable_15' executed cmd: show logging 2021-09-24T00:48:34Z myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:34Z myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:35 myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:35 myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:35 myActiveContext : %ASA-7-111009: User 'enable_15' executed cmd: show logging Sep 24 2021 00:48:36 myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:36 myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:37 myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:37 myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:38Z myActiveContext : %ASA-7-111009: User 'enable_15' executed cmd: show logging 2021-09-24T00:48:38Z myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:38Z myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:39 myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 Sep 24 2021 00:48:39 myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:40Z myActiveContext : %ASA-7-111009: User 'enable_15' executed cmd: show logging 2021-09-24T00:48:40Z myActiveContext : %ASA-6-302020: Built inbound ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0 2021-09-24T00:48:40Z myActiveContext : %ASA-6-302021: Teardown ICMP connection for faddr 10.28.1.21/1307 gaddr 10.28.1.44/0 laddr 10.28.1.44/0 type 8 code 0