Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
251
Views
4
Helpful
2
Replies

debug/log for security rule

tato386
Level 6
Level 6

‎04-15-2008 12:50 PM - edited ‎03-11-2019 05:31 AM

I have a security rule that prevents outbound SMTP connections from LAN IPs. This rule was inserted because it seems we have some infected PCs that are trying to send mail. Is there a way I can see what IPs are being denied the outbound SMTP so I can find and clean-up the PCs?

Rgds,

Diego

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎04-15-2008 01:19 PM

Diego

Yes, you need to enable logging on the firewall (assuming it's a firewall). Packets being denied are logged at severity level 3 - see attached link.

http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1159278

You can either view the logs in the firewall buffer or better yet configure the firewall to send the logs to a syslog server if you have one.

Jon

tato386
Level 6
Level 6
In response to Jon Marshall

‎04-15-2008 01:33 PM

If I use syslog is there a way of sending just the denies of the one rule to the syslog server? If not, and the ASA sends all data to the syslog I would think that sorting thru the logs for only the denies of this one particular rule would be quite a mission.

Thanks,

Diego

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card