debug/log for security rule

Unanswered Question
Apr 15th, 2008

I have a security rule that prevents outbound SMTP connections from LAN IPs. This rule was inserted because it seems we have some infected PCs that are trying to send mail. Is there a way I can see what IPs are being denied the outbound SMTP so I can find and clean up the PCs?



Overall Rating: 4 (1 ratings)
Jon Marshall Tue, 04/15/2008 - 13:19

Yes, you need to enable logging on the firewall (assuming it's a firewall). Packets being denied are logged at severity level 3 - see attached link.

You can either view the logs in the firewall buffer or better yet configure the firewall to send the logs to a syslog server if you have one.


DIEGO ALONSO Tue, 04/15/2008 - 13:33

If I use syslog, is there a way of sending just the denies of the one rule to the syslog server? If not, and the ASA sends all data to the syslog, I would think that sorting through the logs for only the denies of this one particular rule would be quite a mission.
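
One way to pull the denied SMTP senders out of a full syslog feed, as an added example that is not part of the original thread: it assumes the denies arrive as ASA message 106023 lines in the `Deny tcp src ... dst ... by access-group` layout. The function name, ACL names, hostnames and log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ASA 106023 (ACL deny) layout; hosts, ACL names
# and addresses are made up for illustration.
SAMPLE_LOG = '''\
Apr 15 2008 13:40:01 fw1 : %ASA-4-106023: Deny tcp src inside:192.168.10.23/1832 dst outside:203.0.113.25/25 by access-group "inside_out" [0x0, 0x0]
Apr 15 2008 13:40:02 fw1 : %ASA-4-106023: Deny tcp src inside:192.168.10.23/1833 dst outside:198.51.100.7/25 by access-group "inside_out" [0x0, 0x0]
Apr 15 2008 13:40:05 fw1 : %ASA-4-106023: Deny tcp src inside:192.168.10.57/1190 dst outside:203.0.113.25/25 by access-group "inside_out" [0x0, 0x0]
Apr 15 2008 13:40:06 fw1 : %ASA-4-106023: Deny tcp src inside:192.168.10.23/1840 dst outside:203.0.113.80/445 by access-group "inside_out" [0x0, 0x0]
Apr 15 2008 13:40:07 fw1 : %ASA-4-106023: Deny tcp src dmz:192.168.20.5/2210 dst outside:198.51.100.7/25 by access-group "dmz_out" [0x0, 0x0]
Apr 15 2008 13:40:08 fw1 : %ASA-6-302013: Built outbound TCP connection 4711 for outside:203.0.113.80/80 (203.0.113.80/80) to inside:192.168.10.57/1191 (192.0.2.1/1191)
'''

# The severity digit is matched loosely so the parser does not depend on the
# logging level configured on the device.
DENY_RE = re.compile(
    r'%(?:ASA|PIX)-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

def denied_smtp_sources(lines, acl=None, port=25):
    """Return {src_ip: {"count": n, "dests": set_of_dst_ips}} for denied TCP
    packets to `port`, optionally limited to one access-group name."""
    hits = defaultdict(lambda: {"count": 0, "dests": set()})
    for line in lines:
        m = DENY_RE.search(line)
        if not m or m["proto"] != "tcp" or int(m["dst_port"]) != port:
            continue  # not an ACL deny, or not TCP to the port of interest
        if acl is not None and m["acl"] != acl:
            continue  # deny came from a different rule set
        entry = hits[m["src_ip"]]
        entry["count"] += 1
        entry["dests"].add(m["dst_ip"])
    return dict(hits)

if __name__ == "__main__":
    report = denied_smtp_sources(SAMPLE_LOG.splitlines(), acl="inside_out")
    # Busiest senders first: these are the PCs to inspect
    for ip, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{ip}: {info['count']} denied, {len(info['dests'])} distinct mail servers")
```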



