
Log doubt

Tauer Drumond
Level 1

Hi...

I have an ASA 5540, and I'm testing the logging.

When I telnet (port 23) my internal interface, the log shows me that the connection was denied. All right.

But, when I telnet with another port, for example 5858, the log doesn't show me anything.

Why?

Is this a normal behavior?

Thanks

10 Replies

Hi,

I am assuming the syslog message that you're referring to is %ASA-3-710003. According to the ASA syslog documentation:

"This message is displayed when the security appliance denies an attempt to connect to the interface service."

So, I think that we will only see %ASA-3-710003 messages for attempted connections on ports that the firewall is running a particular service on (i.e. 21, 23, 80, 443). For other ports, such as 5858, you'll see %ASA-7-710005 messages instead.

Hope that helps.

-Mike

Hi, Robertson and Farrukh

When I telnet (port 23) I see 710003 denied access... ok.

But when I telnet with another port, I didn't see the 710005, like you said.

I'm logging at Debugging level at ASDM.

Farrukh Haroon
VIP Alumni

At what level are you logging? (Check this with the show logging output.) It could be that the other syslogs are at a higher level. The ASA generates a syslog for each permit/deny (at least on the first packet of each flow), even though this could be indicated through different syslog messages/levels.

Regards

Farrukh

Hi, Robertson and Farrukh

When I telnet (port 23) I see 710003 denied access... ok.

But when I telnet with another port, I didn't see the 710005, like you said.

I'm logging at Debugging level at ASDM.

Ok you won't see 710005, but you will see another syslog.

Regards

Farrukh

Hi Farrukh,

Is it possible to see 710005?

Thanks

Hi,

You should see 710005 if you are logging at the debugging level.

Could you post the output of 'show run | inc logging' from your ASA?

-Mike

Hi Mike...

see output:

logging enable

logging monitor informational

logging trap informational

logging asdm informational

logging host LAN 172.x.x.x

I think I figured out the error. Should the configuration be set to "debugging"?

Yes you are absolutely correct. The 710005 messages will only be seen if you are logging at the "debugging" (7) level. Your ASDM logging is set to the "informational" (6) level. You'll need to issue the following command:

ASA(config)# logging asdm debugging

Give that a try and let me know if it works.

-Mike
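An added example, not part of the original thread and not Cisco tooling: a Python check that reads 'show run | inc logging' output and reports, for a message tag such as %ASA-7-710005, which logging destinations will display it. The function names are assumptions of this example, and the sample config is the output posted earlier in this thread; the keyword-to-number mapping is the standard ASA severity scale.

```python
import re

# Standard ASA severity keywords; a lower number is more severe.
SEVERITY = {"emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
            "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7}

# Sample input: the 'show run | inc logging' output posted in the thread.
SAMPLE_CONFIG = """\
logging enable
logging monitor informational
logging trap informational
logging asdm informational
logging host LAN 172.x.x.x
"""

DEST_RE = re.compile(r"^logging\s+(console|monitor|buffered|trap|asdm)\s+(\S+)\s*$")
TAG_RE = re.compile(r"%ASA-([0-7])-(\d{6})")


def parse_destinations(config):
    """Return {destination: numeric level} for each 'logging <dest> <level>' line."""
    levels = {}
    for line in config.splitlines():
        m = DEST_RE.match(line.strip())
        if not m:
            continue  # 'logging enable', 'logging host ...' and others carry no level
        dest, level = m.groups()
        if level.isdigit() and 0 <= int(level) <= 7:
            levels[dest] = int(level)
        elif level in SEVERITY:
            levels[dest] = SEVERITY[level]
        # Anything else (e.g. a message-list name) is skipped, not guessed at.
    return levels


def visibility(config, tag):
    """Map each destination to True if a message with this tag would be shown."""
    m = TAG_RE.search(tag)
    if not m:
        raise ValueError(f"not an ASA syslog tag: {tag!r}")
    msg_sev = int(m.group(1))
    enabled = bool(re.search(r"^logging enable\s*$", config, re.M))
    # A destination shows messages whose severity number is <= its configured level.
    return {d: enabled and msg_sev <= lvl for d, lvl in parse_destinations(config).items()}


if __name__ == "__main__":
    for tag in ("%ASA-3-710003", "%ASA-7-710005"):
        print(tag, visibility(SAMPLE_CONFIG, tag))
```

Run against the posted config, 710003 (severity 3) is visible everywhere while 710005 (severity 7) is visible nowhere, which matches what the original poster observed.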

Hi Mike...

Now it's working fine... I can see ASA denying my telnet connection at port 5858.

Thank you...
