I ran today into a big problem with configuring an TCP syslog server on an Cisco ASA.
logging host "interface_name" "server_ip" tcp/514
After I put in the configuration and someone from the server administration restarted the syslog server and suddenly the whole communication through the ASA stopped working completely.
I saw the following messages in the ADSM and quickly realised that this could be only caused by the TCP logging configuration.
%ASA-3-201008: Disallowing new connections
I didn’t looked before if the feature is disabled to block new connections when a TCP-connected syslog server is down. This is very important that you disable the feature before you configure TCP syslog servers otherwise you ran into the same problem like me.
Here the command to disable the feature:
logging permit-hostdown
In my case I just forgot to check before and will definitively remember for the next time 😉