04-15-2008 12:50 PM - edited 03-11-2019 05:31 AM
I have a security rule that prevents outbound SMTP connections from LAN IPs. This rule was inserted because it seems we have some infected PCs that are trying to send mail. Is there a way I can see what IPs are being denied the outbound SMTP so I can find and clean up the PCs?
Rgds,
Diego
04-15-2008 01:19 PM
Diego
Yes, you need to enable logging on the firewall (assuming it's a firewall). Packets being denied are logged at severity level 3 - see attached link.
http://www.cisco.com/en/US/docs/security/pix/pix63/system/message/pixemsgs.html#wp1159278
You can either view the logs in the firewall buffer or better yet configure the firewall to send the logs to a syslog server if you have one.
Jon
04-15-2008 01:33 PM
If I use syslog, is there a way of sending just the denies of the one rule to the syslog server? If not, and the ASA sends all data to the syslog, I would think that sorting through the logs for only the denies of this one particular rule would be quite a mission.
Thanks,
Diego
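For the log sorting raised above, one approach is to filter the collected syslog file for ACL deny messages to TCP port 25 and count them per source address. This is an added example, not part of the original thread; it assumes the deny lines follow the message ID 106023 layout, and the log lines and the access-group names are constructed.

```python
import re
from collections import Counter

# Assumed layout of an ACL deny message (ID 106023). The severity digit is
# matched loosely so the filter does not depend on the configured level.
DENY_RE = re.compile(
    r'%(?:ASA|PIX)-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<sif>[^:\s]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:\s]+):(?P<dst>[\d.]+)/(?P<dport>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample syslog lines (documentation address ranges, made-up ACL names).
SAMPLE_LOG = """\
Apr 15 2008 13:40:01 fw : %ASA-4-106023: Deny tcp src inside:192.168.1.25/1045 dst outside:203.0.113.10/25 by access-group "inside_out" [0x0, 0x0]
Apr 15 2008 13:40:02 fw : %ASA-6-302013: Built outbound TCP connection 1234 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.168.1.40/1050 (192.0.2.1/1050)
Apr 15 2008 13:40:03 fw : %ASA-4-106023: Deny tcp src inside:192.168.1.25/1046 dst outside:198.51.100.7/25 by access-group "inside_out" [0x0, 0x0]
Apr 15 2008 13:40:04 fw : %ASA-4-106023: Deny tcp src inside:192.168.1.77/2210 dst outside:203.0.113.10/25 by access-group "inside_out" [0x0, 0x0]
Apr 15 2008 13:40:05 fw : %ASA-4-106023: Deny tcp src inside:192.168.1.40/1051 dst outside:203.0.113.10/80 by access-group "inside_out" [0x0, 0x0]
Apr 15 2008 13:40:06 fw : %ASA-4-106023: Deny tcp src dmz:10.0.0.5/3301 dst outside:203.0.113.10/25 by access-group "dmz_in" [0x0, 0x0]
"""

def denied_smtp_sources(lines, acl=None, port=25):
    """Count denied TCP connections to `port` per source IP.

    If `acl` is given, only denies attributed to that access-group are counted,
    which narrows the result to the one rule set of interest.
    """
    hits = Counter()
    for line in lines:
        m = DENY_RE.search(line)
        if not m:
            continue  # not an ACL deny message
        if m["proto"] != "tcp" or int(m["dport"]) != port:
            continue  # some other denied traffic
        if acl is not None and m["acl"] != acl:
            continue  # denied by a different access-group
        hits[m["src"]] += 1
    return hits

if __name__ == "__main__":
    counts = denied_smtp_sources(SAMPLE_LOG.splitlines(), acl="inside_out")
    for ip, n in counts.most_common():
        print(f"{ip}\t{n} denied SMTP attempts")
```

Sources with the highest counts are the first machines to inspect; point the function at the real syslog file by passing its open file handle as `lines`.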