
Entries in SYSLOG (2)

Wednesday
04Nov2009

What's in a name?

Cisco ASA uses the names command to enable the ability to associate a name with an IP address. Once names is enabled, the name command maps a text label to an IP address, so a host can be referred to by name in the rest of the configuration. This sounds great, because who can remember all the IP addresses associated with the hosts in your network? There are some gotchas to look out for.

If you hate the length of your config when you do a show run command, just wait until you start using the name command. The name entries are usually added near the top of the config and add a ton of lines to filter through. You could use the command:


     show run | exclude name

This command would not display the name entries; however, you would also miss any other config line that happens to contain the string "name", such as:

     hostname ciscoasa
     domain-name showcrypto.com


I think you get the picture. Cisco should add an option to display the config without name entries. The other annoyance I have with the names command is its default behavior of using name values in logging: syslog now contains name values instead of IP addresses. Usually when I search through syslog events I do it by IP address and not by the name value in my ASA config. To revert to IP addresses in your logging events, use this command:

     no names

If you get completely fed up with names, you can issue the following command:

     clear configure name
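Both gotchas above, the `| exclude name` filter eating hostname/domain-name lines and syslog carrying labels instead of addresses, come down to telling a real `name` entry apart from every other line that contains the word. The following script is an added example, not code from the original post: it anchors the match at the start of the line so only `names` and `name <ip> <label>` entries are dropped, and it uses those same entries to rewrite a syslog line back to IP addresses so you can search by address again. The config excerpt and the log line are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed ASA config excerpt (not from the original post). The `name`
# entries are the lines `show run | exclude name` is meant to hide, and their
# labels are what replaces IP addresses in syslog once `names` is on.
SAMPLE_CONFIG = """\
hostname ciscoasa
domain-name showcrypto.com
names
name 10.1.1.10 web1
name 10.1.1.20 db1
name 203.0.113.5 partner-gw
interface GigabitEthernet0/0
 nameif outside
"""

# Constructed syslog line as the ASA emits it with `names` enabled: the labels
# partner-gw and web1 stand in for the addresses.
SAMPLE_LOG = ("%ASA-6-302013: Built inbound TCP connection 2911 for "
              "outside:partner-gw/44321 (partner-gw/44321) to "
              "inside:web1/80 (web1/80)")

# Match only real name entries: the bare `names` line and `name <ip> <label>`.
# Anchoring at the start of the line is what `| exclude name` lacks, so the
# hostname, domain-name and nameif lines survive.
NAME_ENTRY = re.compile(r"^(?:names|name\s+(?P<ip>\S+)\s+(?P<label>\S+).*)$")


def strip_name_entries(config: str) -> List[str]:
    """Return the config lines with the `names` / `name ...` entries removed."""
    return [ln for ln in config.splitlines() if not NAME_ENTRY.match(ln)]


def load_name_map(config: str) -> Dict[str, str]:
    """Build a label -> IP mapping from the `name <ip> <label>` entries."""
    mapping: Dict[str, str] = {}
    for ln in config.splitlines():
        m = NAME_ENTRY.match(ln)
        if m and m.group("label"):
            mapping[m.group("label")] = m.group("ip")
    return mapping


def names_to_ips(line: str, name_map: Dict[str, str]) -> str:
    """Rewrite a syslog line so each label is replaced by its IP address.

    Labels are matched as whole tokens (not inside other words or dotted
    addresses) and longest first, so `web1` cannot clobber a label `web10`.
    """
    if not name_map:
        return line
    labels = sorted(name_map, key=len, reverse=True)
    token = re.compile(r"(?<![\w.-])(" + "|".join(map(re.escape, labels)) + r")(?![\w.-])")
    return token.sub(lambda m: name_map[m.group(1)], line)


if __name__ == "__main__":
    print("\n".join(strip_name_entries(SAMPLE_CONFIG)))
    print(names_to_ips(SAMPLE_LOG, load_name_map(SAMPLE_CONFIG)))
```

Feed it a saved `show run` and a syslog export and you get the address-based view the post asks for without touching the `names` setting on the firewall itself.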

Friday
18Sep2009

Logging Bug - ASA 8.2.1

I just completed an upgrade of my ASA from 8.0.4 to 8.2.1. It took me a week to realize logging was broken. My ASA was configured to send notification events and lower to my syslog server. I also set notification logging on all ACLs. After the upgrade no ACL hits were being sent to the syslog server.

After opening a ticket with TAC, they pointed me to this workaround:

     logging list mylist level notifications
     logging list mylist message 106100
     logging trap mylist

Message 106100 is the ACL-hit message. This workaround is pretty good because I can add additional informational messages to the list individually by ID. There are a lot of SSL-VPN informational messages that I like to capture for reporting purposes.

Bug Toolkit info:

access-list logging prints 106100 syslog always at informational level

Symptom:

Logging message 106100 always prints at level informational. As a result, logging message 106100 is not printed when the logging level is set to lower than informational for both the access-list and logging configuration.
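The bug and the workaround are easier to reason about with the severity arithmetic in front of you: `logging trap notifications` forwards severities 0 through 5, and 106100 arrives stamped as 6 no matter what the access-list `log` keyword asked for, so it is dropped unless the list names it by ID. The script below is an added example, not from the post or from Cisco: it models the `logging list` decision for a line, parses 106100 messages into their fields, and totals ACL hits per access list, which is the check that would have caught the silent gap in under a week. The syslog lines are constructed; the 106100 field layout follows the format in Cisco's syslog message documentation.

```python
import re
from collections import Counter
from typing import Dict, Iterable, Optional, Set, Tuple

# ASA syslog severities. `logging trap <level>` (or a list's `level`) sends
# that severity and every lower number, i.e. everything at least as severe.
LEVELS = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
          "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Constructed syslog lines (not from the post). 106100 is the ACL-hit message
# and, as the bug note says, always carries severity 6; 111008 is a command
# audit message at severity 5 and is shown only as a contrast.
SAMPLE_LOGS = [
    "Sep 18 2009 10:15:01 ciscoasa : %ASA-6-106100: access-list outside_in denied tcp "
    "outside/203.0.113.5(44321) -> inside/10.1.1.10(22) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "Sep 18 2009 10:15:04 ciscoasa : %ASA-6-106100: access-list outside_in permitted tcp "
    "outside/198.51.100.7(51000) -> inside/10.1.1.10(443) hit-cnt 3 300-second interval [0x5e6f7a8b, 0x0]",
    "Sep 18 2009 10:15:09 ciscoasa : %ASA-5-111008: User 'admin' executed the "
    "'logging trap mylist' command.",
]

# %ASA-<severity>-<message id>: prefix shared by every ASA syslog message.
MSG_HEADER = re.compile(r"%ASA-(?P<sev>\d)-(?P<msgid>\d{6}):")

# Fields of a 106100 line. The parenthesised value is a port for TCP/UDP and
# type/code for ICMP, so it is captured loosely rather than as digits.
ACL_HIT = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>[^)]*)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>[^)]*)\) hit-cnt (?P<hits>\d+)"
)


def message_header(line: str) -> Optional[Tuple[int, str]]:
    """Return (severity, message id) from the %ASA prefix, or None."""
    m = MSG_HEADER.search(line)
    return (int(m.group("sev")), m.group("msgid")) if m else None


def passes_logging_list(line: str, level_name: str, message_ids: Set[str]) -> bool:
    """Model `logging list X level <level>` plus `logging list X message <id>`:
    a line is forwarded if its severity is within the level or its ID is listed."""
    hdr = message_header(line)
    if hdr is None:
        return False
    sev, msgid = hdr
    return sev <= LEVELS[level_name] or msgid in message_ids


def parse_106100(line: str) -> Optional[Dict[str, object]]:
    """Break a 106100 ACL-hit message into its fields; None for other messages."""
    m = ACL_HIT.search(line)
    if not m:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["hits"] = int(m.group("hits"))
    return rec


def acl_hit_summary(lines: Iterable[str]) -> Dict[Tuple[str, str], int]:
    """Total hit-cnt per (access list, action). An empty result on a firewall
    with logging ACLs is the symptom the post describes."""
    totals: Counter = Counter()
    for ln in lines:
        rec = parse_106100(ln)
        if rec:
            totals[(rec["acl"], rec["action"])] += rec["hits"]
    return dict(totals)


if __name__ == "__main__":
    for ln in SAMPLE_LOGS:
        print(message_header(ln),
              "trap notifications:", passes_logging_list(ln, "notifications", set()),
              "with list mylist:", passes_logging_list(ln, "notifications", {"106100"}))
    print(acl_hit_summary(SAMPLE_LOGS))
```

Running `acl_hit_summary` over a day of syslog from the collector is a cheap post-upgrade check: if the ACLs you log on show no entries at all, the messages are being filtered before they leave the box, which is exactly where `logging list mylist message 106100` puts them back.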