What will happen if syslog server 10.10.2.40 fails?

Hotspot Question

[Exhibit: two screenshots of the Cisco ASA logging configuration (images not available)]

According to the logging configuration on the Cisco ASA, what will happen if syslog server 10.10.2.40 fails?
A. New connections through the ASA will be blocked and debug system logs will be sent to the internal buffer.
B. New connections through the ASA will be blocked and informational system logs will be sent to the internal buffer.
C. New connections through the ASA will be blocked and system logs will be sent to server 10.10.2.41.
D. New connections through the ASA will be allowed and system logs will be sent to server 10.10.2.41.
E. New connections through the ASA will be allowed and informational system logs will be sent to the internal buffer.
F. New connections through the ASA will be allowed and debug system logs will be sent to the internal buffer.

9 thoughts on “What will happen if syslog server 10.10.2.40 fails?”

  1. Pay attention to the protocol, if this syslog uses TCP or UDP.
    TCP – blocked with syslog down
    UDP – allowed with syslog down

  2. Can’t tell from the picture. If TCP, then it will block. If UDP, it will allow (UDP is connectionless; it can’t tell if the server is available or not). See the 2nd link from horse’s message.

    1. From the link you’ve published:

      “Since we are doing TCP based logging, the ASA can determine the status of the syslog server (or that it doesn’t exist). Since the connection cannot be established and log the activity, it defaults to disallowing new connections for transit traffic.

      There are a couple of ways to solve this. The first method is to only use UDP based logging. The other way to solve this is with the following command.

      asav-1(config)# logging permit-hostdown

      How can one tell, from the screenshot, whether it’s UDP or TCP?

      Regards,

      CM

  3. Is there any update on this? I also do not understand why a syslog failure should prevent new connections passing the ASA?

  4. Answer B is not correct. IMO I will go with E.
    There is not enough detail shown in the diagrams. Failure of the syslog server will not prevent new connections passing the ASA policy. If no additional syslog server is configured and the connection to the configured syslog server fails, logs will be sent to the internal buffer.
    For the exam, verify the configuration of the syslog servers.

    1. IMHO, it should be E, as long as the syslog connection is UDP. There must be a screenshot missing with the syslog server configuration.

      TTFN,
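
Added example (not part of the original page or its comments): a small Python audit of an ASA logging configuration for the condition the comments describe, where a TCP `logging host` without `logging permit-hostdown` denies new connections while the syslog server is down. The configs are constructed; the TCP port 1470 and the log levels in them are assumptions, since the page's screenshots are not available, and `audit_asa_logging` is a hypothetical helper name.

```python
import re

# logging host <interface> <ip> [tcp[/port] | udp[/port]]; transport defaults to UDP.
# The protocol is accepted as a name or as its IP protocol number (6 = TCP, 17 = UDP).
HOST_RE = re.compile(r"^logging host (\S+) (\S+)(?:\s+(tcp|udp|6|17)(?:/(\d+))?)?", re.I)
BUFFERED_RE = re.compile(r"^logging buffered (\S+)", re.I)


def audit_asa_logging(config):
    """Report how an ASA logging config behaves when a syslog server is unreachable."""
    hosts, permit_hostdown, buffered = [], False, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.lower() == "logging permit-hostdown":
            permit_hostdown = True
        elif (m := HOST_RE.match(line)):
            transport = "tcp" if (m.group(3) or "udp").lower() in ("tcp", "6") else "udp"
            hosts.append({"interface": m.group(1), "ip": m.group(2), "transport": transport})
        elif (m := BUFFERED_RE.match(line)):
            buffered = m.group(1).lower()
    tcp_hosts = [h["ip"] for h in hosts if h["transport"] == "tcp"]
    return {
        "hosts": hosts,
        "tcp_hosts": tcp_hosts,
        "permit_hostdown": permit_hostdown,
        "buffered_level": buffered,
        # TCP syslog without permit-hostdown: new connections are denied while the server is down
        "blocks_new_connections": bool(tcp_hosts) and not permit_hostdown,
    }


# Constructed configs: same host, three variants of transport and permit-hostdown.
TCP_CFG = """logging enable
logging buffered debugging
logging trap informational
logging host inside 10.10.2.40 tcp/1470
"""
UDP_CFG = TCP_CFG.replace(" tcp/1470", "")
TCP_PERMIT_CFG = TCP_CFG + "logging permit-hostdown\n"

if __name__ == "__main__":
    for name, cfg in (("tcp", TCP_CFG), ("udp", UDP_CFG), ("tcp+permit-hostdown", TCP_PERMIT_CFG)):
        r = audit_asa_logging(cfg)
        print(f"{name}: blocks_new_connections={r['blocks_new_connections']} "
              f"buffered={r['buffered_level']}")
```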
