isolate logs on an access-list on asa

cfajardo1_2
Level 1

Is it possible to isolate the logs of an access-list on ASA?

ex.

access-list ACL permit ip host hostA host hostB

access-list ACL permit ip any any

Here, I want to know what traffic is flowing through the second line of my access-list (permit ip any any).

thanks

5 Replies

dgiraud
Level 1

Maybe something like:

access-list ACL permit ip host hostA host hostB log

access-list ACL permit ip any any log

But I'd rather put

access-list ACL permit tcp any any log

access-list ACL permit udp any any log

etc.

Hope it helps.

suschoud
Cisco Employee

Hi,

Put the log option at the end of the ACE for which you want to log traffic.

access-list ACL permit ip any any log

Set up a syslog server to which the syslogs would be sent. There, you can search for "access-list" or "hitcnt" for the relevant syslogs explaining what traffic was permitted by the ACL.

Regards,

Sushil

suschoud
Cisco Employee

Here are the steps for setting up the syslog server.

First you would need to install a syslog server software on one of the computers. You may download one of the popular Kiwi Syslog servers from http://www.kiwisyslog.com/software_downloads.htm . It is listed as Kiwi Syslog Daemon and the latest version is 8.2.8. You may download the standard edition that runs as a program.

Once the syslog server is installed you will then need to log in to the ASA in configuration terminal mode and enter the following commands.

logging host [in_if_name] ip_address

(example: logging host inside 1.2.3.4

We are assuming the syslog server is installed on a computer with IP address 1.2.3.4 in the inside network.)

logging timestamp

logging trap 4

logging on

These commands will enable the ASA to start sending syslog messages to the syslog server.

For more information on logging commands you may refer to this URL:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008010578b.html#1028090

----------------------------------------------------------------------------------

Trap levels

0 - emergencies - System unusable messages

1 - alerts - Take immediate action

2 - critical - Critical condition

3 - errors - Error message

4 - warnings - Warning message

5 - notifications - Normal but significant condition

6 - informational - Information message

7 - debugging - Debug messages and log FTP commands and WWW URLs

Hi,

So do I still need to put the log option after the ACE? I wanted only a particular ACE's logs to be sent to the syslog server...

thanks

Yes, that is correct.

Please rate if helpful.

Regards,

Sushil.
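An added example, not part of this thread: once the ACE carries the `log` keyword and the ASA forwards syslog to a collector, the messages for that one line can be isolated on the collector side. This Python filter assumes the ASA 106100 message format (the message an ACE with `log` produces) and that the trailing hash code is the per-ACE hash that `show access-list` displays; the syslog lines below are constructed.

```python
import re
from collections import Counter

# ASA message 106100 as I understand its format (assumption, not from the thread):
# access-list <acl> permitted|denied <proto> <in_if>/<src>(<sport>) ->
#   <out_if>/<dst>(<dport>) hit-cnt <n> first hit|<N>-second interval [0xhash, 0xhash]
ACE_LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<sif>[^/]+)/(?P<src>[^()]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/]+)/(?P<dst>[^()]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+) "
    r"(?P<interval>[^\[]+)\[(?P<hash1>0x[0-9a-fA-F]+), (?P<hash2>0x[0-9a-fA-F]+)\]"
)

# Constructed sample collector output: two ACEs of ACL "ACL" (hashes are made up)
# plus one message from an unrelated ACL.
SAMPLE_SYSLOG = """\
<166>Jan 10 2010 12:00:01 asa %ASA-6-106100: access-list ACL permitted ip inside/10.1.1.5(0) -> outside/203.0.113.10(0) hit-cnt 1 first hit [0xaaaa1111, 0x0]
<166>Jan 10 2010 12:00:02 asa %ASA-6-106100: access-list ACL permitted tcp inside/10.1.1.20(43210) -> outside/198.51.100.7(443) hit-cnt 1 first hit [0xbbbb2222, 0x0]
<166>Jan 10 2010 12:05:02 asa %ASA-6-106100: access-list ACL permitted tcp inside/10.1.1.20(43211) -> outside/198.51.100.7(443) hit-cnt 3 300-second interval [0xbbbb2222, 0x0]
<166>Jan 10 2010 12:05:09 asa %ASA-6-106100: access-list OTHER denied udp inside/10.1.1.9(5353) -> outside/224.0.0.251(5353) hit-cnt 1 first hit [0xcccc3333, 0x0]
"""


def ace_hits(syslog_text, acl_name, ace_hash=None):
    """Sum hit-cnt per (action, proto, src, dst, dport) for one ACL.

    If ace_hash is given, only messages whose first hash code matches are kept,
    which isolates a single ACE such as the "permit ip any any" line.
    """
    counts = Counter()
    for line in syslog_text.splitlines():
        m = ACE_LOG_RE.search(line)
        if not m or m["acl"] != acl_name:
            continue
        if ace_hash is not None and m["hash1"].lower() != ace_hash.lower():
            continue
        key = (m["action"], m["proto"], m["src"], m["dst"], m["dport"])
        counts[key] += int(m["hits"])
    return counts


if __name__ == "__main__":
    # Show only what the hypothetical "permit ip any any" ACE (hash 0xbbbb2222) matched.
    for flow, hits in ace_hits(SAMPLE_SYSLOG, "ACL", ace_hash="0xbbbb2222").items():
        print(hits, *flow)
```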
