Isolate logs on an access-list on ASA

Sep 7th, 2008

Is it possible to isolate the logs of an access-list on ASA?


access-list ACL permit ip host hostA host hostB

access-list ACL permit ip any any

Here, I want to know what traffic is flowing on the second line of my access-list (permit ip any any).


dgiraud Sun, 09/07/2008 - 16:14

Maybe something like:

access-list ACL permit ip host hostA host hostB log

access-list ACL permit ip any any log

but I'd rather put

access-list ACL permit tcp any any log

access-list ACL permit udp any any log

etc.

Hope it helps.

suschoud Mon, 09/08/2008 - 07:46


Put in the log option at the end of the ACL for which you want to log traffic.

access-list ACL permit ip any any log

Set up a syslog server to which the syslogs would be sent. There, you can search for "access-list" or "hitcnt" for the relevant syslogs explaining what traffic was permitted by the ACL.
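The search suggested above, as an added Python example that is not part of the original thread: it parses ASA 106100 access-list syslog messages from constructed sample input (the ACL name "ACL" and the hostA/hostB addresses are assumed placeholders), keeps only the entries for the poster's ACL, and drops those that matched the host-to-host ACE, so what remains is the traffic that fell through to permit ip any any.

```python
import re

# Constructed sample lines in the ASA 106100 access-list message format; the ACL name and
# addresses are placeholders: hostA = 10.0.0.10, hostB = 192.168.1.20.
SAMPLE_SYSLOG = """\
Sep 08 2008 07:46:01 fw01 : %ASA-6-106100: access-list ACL permitted tcp inside/10.0.0.10(43211) -> outside/192.168.1.20(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Sep 08 2008 07:46:02 fw01 : %ASA-6-106100: access-list ACL permitted udp inside/10.0.0.55(51000) -> outside/198.51.100.53(53) hit-cnt 3 300-second interval [0x5e6f7a8b, 0x0]
Sep 08 2008 07:46:03 fw01 : %ASA-6-106100: access-list ACL permitted tcp inside/10.0.0.77(50020) -> outside/203.0.113.9(22) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]
Sep 08 2008 07:46:04 fw01 : %ASA-6-106100: access-list OTHER denied tcp outside/198.51.100.4(3389) -> inside/10.0.0.5(3389) hit-cnt 1 first hit [0x3a4b5c6d, 0x0]
Sep 08 2008 07:46:05 fw01 : %ASA-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.4/51234 (198.51.100.4/51234) to inside:10.0.0.5/80 (10.0.0.5/80)
"""

# Fields of a 106100 message: ACL name, action, protocol, src/dst interface, address and port, hit count.
ACL_LOG = re.compile(
    r"%ASA-(?P<sev>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<sif>[^/\s]+)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/\s]+)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

def parse_acl_logs(text):
    """Return one dict per 106100 line; messages with other IDs are skipped."""
    records = []
    for line in text.splitlines():
        m = ACL_LOG.search(line)
        if m:
            rec = m.groupdict()
            rec["hits"] = int(rec["hits"])
            records.append(rec)
    return records

def traffic_on_catch_all(text, acl, host_a, host_b):
    """Keep entries for `acl` that did not match the 'host hostA host hostB' ACE,
    i.e. the flows that fell through to the trailing 'permit ip any any' line."""
    return [
        rec for rec in parse_acl_logs(text)
        if rec["acl"] == acl and not (rec["src"] == host_a and rec["dst"] == host_b)
    ]

def summarize(records):
    """Aggregate hit counts per (proto, src, dst, dport) so the catch-all's traffic is reviewable."""
    counts = {}
    for rec in records:
        key = (rec["proto"], rec["src"], rec["dst"], rec["dport"])
        counts[key] = counts.get(key, 0) + rec["hits"]
    return counts

if __name__ == "__main__":
    print(summarize(traffic_on_catch_all(SAMPLE_SYSLOG, "ACL", "10.0.0.10", "192.168.1.20")))
```

Note that the 106100 messages produced by the log keyword are informational (level 6) by default, so with logging trap 4 as configured later in this thread they are not forwarded to the syslog server unless the trap level is raised or the log keyword is given an explicit level.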



suschoud Mon, 09/08/2008 - 07:47

Here are the steps for setting up the syslog server.

First you would need to install syslog server software on one of the computers. You may download the popular Kiwi Syslog server from . It is listed as Kiwi Syslog Daemon and the latest version is 8.2.8. You may download the standard edition that runs as a program.

Once the syslog server is installed you will then need to log in to the ASA in configuration terminal mode and enter the following commands.

logging host [in_if_name] ip_address

(example: logging host inside

We are assuming the syslog server is installed on a computer with IP address in the inside network.)

logging timestamp

logging trap 4

logging on

These commands will enable the ASA to start sending syslog messages to the syslog server.

For more information on logging commands you may refer to this URL:

Trap levels

0 - emergencies - System unusable messages

1 - alerts - Take immediate action

2 - critical - Critical condition

3 - errors - Error message

4 - warnings - Warning message

5 - notifications - Normal but significant condition

6 - informational - Information message

7 - debugging - Debug messages and log FTP commands and WWW URLs

cfajardo1_2 Tue, 09/09/2008 - 11:19


So do I still need to put the log option after the ACE? I wanted only a particular ACE's logs to be sent to the syslog server...


suschoud Tue, 09/09/2008 - 11:27

Yes, that is correct....

Please rate if helpful.



