Cisco ASA Logging/Syslog Time Sync Issue

edledge Cisco logo

Scenario:
Make: Cisco
Model
: ASA 5506-X, ASA 5506 W-X, ASA 5508-X, Cisco ASA 5500 Series
Mode: GUI & CLI
Version: ASA version 9.x or later, ASDM version 7.x or later
Description: In this article, we will discuss the stepwise method of how to resolve the issue if syslog or logging messages have a different time than the Cisco ASA time. Considering the NTP has been setup properly but the timestamp on syslog is not working properly.

Problem

Sometimes it happens that the time on the syslog or logging messages on ASDM or CLI is found to be different from the set time on the ASA as per the NTP [Network Time Protocol]. Cisco ASA Firewalls still log the messages but with different or wrong time as shown below.

Nov 24 2022 06:23:23 edledge-asa %ASA-5-746015: user-identity: [FQDN] download.windowsupdate.com resolved 8.253.150.254
Nov 24 2022 06:23:23 edledge-asa %ASA-5-746015: user-identity: [FQDN] download.windowsupdate.com resolved 8.247.119.254
Nov 24 2022 06:23:23 edledge-asa %ASA-5-746015: user-identity: [FQDN] download.windowsupdate.com resolved 8.240.5.126
Nov 24 2022 06:23:23 edledge-asa %ASA-5-746015: user-identity: [FQDN] download.windowsupdate.com resolved 67.27.115.254
Nov 24 2022 06:23:23 edledge-asa %ASA-5-746015: user-identity: [FQDN] download.windowsupdate.com resolved 8.252.0.126
Nov 24 2022 06:23:23 edledge-asa %ASA-5-746014: user-identity: [FQDN] download.windowsupdate.com address 104.98.115.136 obsolete
Nov 24 2022 06:23:23 edledge-asa %ASA-3-746016: user-identity: DNS lookup for wustat.windows.com failed, reason:Timeout or unresolvable
edledge-asa# sh clock
08:43:05.852 IST Thu Mar 23 2023

Here you could see the ASA is running on the time 08:43 IST Thu Mar 23 2023 but syslog messages have the timestamped as Nov. 24, 2022.

Solution

To solve this issue you would need to enable logging timestamp. We can do this by both CLI [Command Line Interface] and GUI [Graphical User Interface] methods. The stepwise method of enabling timestamp is mentioned below.

Knowledge_Check_Cisco_01

1 / 5

What are the two types of packet capture in Cisco ASA?

2 / 5

What is the default buffer size of Cisco ASA PCAP?

3 / 5

How many interfaces in Cisco ASA can have same route map?

4 / 5

Does Cisco ASA supports PPPoE link?

5 / 5

How many 10 Gig ports are available in Cisco 5508-X ASA?

Your score is

The average score is 60%

0%

CLI Method [SSH]

Step1: Login
SSH onto the Cisco ASA using username and password.

SSH 10.1

Step2: Enable Timestamp
Run the command shown below the enable timestamp.

edledge-asa#
edledge-asa# conf t
edledge-asa(config)# logging timestamp
edledge-asa(config)# exit
edledge-asa#

Step3: Save
Save the configuration

edledge-asa# wr
Building configuration...
Cryptochecksum: 845e144f f45e143e 945e144f 945e144f

3384 bytes copied in 0.170 secs
[OK]

This should resolve the timestamp issue of syslog or logging messages.

GUI Method [ASDM]

Step1: Login
Login onto the Cisco ASA via ASDM.

ASA ASDM Login

Step2: Logging
Navigate to “Configuration => Device Management => Logging => Syslog Setup“. Follow the steps as shown below in the image.

cisco_asa_syslog_setup

Step3: Enable Timestamp
Enable logging timestamp as shown below in the image.

cisco_asa_syslog_timestamp

Step4: Apply & Save
Click “Apply” to execute the changes and “Save” to save the configuration.

Syslog timestamp issue should have been fixed now.

Other topics on Cisco ASA/Firewall

SourceKnowledge Base, Internet, Cisco

EA00136

Leave a Reply

Your email address will not be published. Required fields are marked *