09-07-2008 09:19 AM - edited 03-11-2019 06:40 AM
Is it possible to isolate the logs of an access-list on an ASA?
ex.
access-list ACL permit ip host hostA host hostB
access-list ACL permit ip any any
Here, I want to know what traffic is flowing on the second line of my access-list (permit ip any any).
thanks
09-07-2008 04:14 PM
Maybe something like:
access-list ACL permit ip host hostA host hostB log
access-list ACL permit ip any any log
but I'd rather put
access-list ACL permit tcp any any log
access-list ACL permit udp any any log
etc ..
hope it helps
09-08-2008 07:46 AM
Hi,
Put in the log option at the end of the ACL for which you want to log traffic.
access-list ACL permit ip any any log
Set up a syslog server to which the syslogs would be sent. There, you can search for " access-list " or " hitcnt " for the relevant syslogs explaining what traffic was permitted by the ACL.
Regards,
Sushil
09-08-2008 07:47 AM
Here are the steps for setting up the syslog server.
First you would need to install syslog server software on one of the computers. You may download one of the popular ones, Kiwi syslog server, from http://www.kiwisyslog.com/software_downloads.htm . It is listed as Kiwi Syslog Daemon and the latest version is 8.2.8. You may download the standard edition that runs as a program.
Once the syslog server is installed you will then need to log in to the ASA in configuration terminal mode and enter the following commands.
logging host [in_if_name] ip_address
(Example: logging host inside 1.2.3.4
We are assuming the syslog server is installed on a computer with IP address 1.2.3.4 in the inside network.)
logging timestamp
logging trap 4
logging on
These commands will enable the ASA to start sending syslog messages to the syslog server.
For more information on logging commands you may refer to this URL:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008010578b.html#1028090
----------------------------------------------------------------------------------
Trap levels
0 - emergencies - System unusable messages
1 - alerts - Take immediate action
2 - critical - Critical condition
3 - errors - Error message
4 - warnings - Warning message
5 - notifications - Normal but significant condition
6 - informational - Information message
7 - debugging - Debug messages and log FTP commands and WWW URLs
09-09-2008 11:19 AM
hi,
So do I still need to put the log option after the ACE? I wanted only a particular ACE's logs to be sent to the syslog server...
thanks
09-09-2008 11:27 AM
Yes, that is correct....
Please rate if helpful.
Regards,
Sushil.
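An added example, not part of any post in this thread: once the syslog server is collecting ACL log lines, this script picks out the flows that fell through to the "permit ip any any" line of the ACL from the question, for the case where both lines carry the log keyword. The function name, the addresses standing in for hostA and hostB, and the sample log lines are constructed for illustration; the pattern follows the ASA 106100 message layout.

```python
import re
from collections import Counter

# ASA message 106100 is what an ACE with the "log" keyword generates.
# Trailing text after the hit count (interval, hash codes) is not needed here.
MSG_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def flows_on_catch_all(lines, acl, host_a, host_b):
    """Sum hit counts per flow for traffic permitted by the any/any line.

    ACLs are first-match, so hostA -> hostB traffic is consumed by the
    first ACE; every other permitted flow on this ACL hit the second one.
    """
    totals = Counter()
    for line in lines:
        m = MSG_106100.search(line)
        if not m or m["acl"] != acl or m["action"] != "permitted":
            continue
        if m["src"] == host_a and m["dst"] == host_b:
            continue  # matched "permit ip host hostA host hostB"
        key = (m["proto"], m["src"], m["dst"], int(m["dport"]))
        totals[key] += int(m["hits"])
    return totals

# Assumed addresses for hostA and hostB (documentation ranges).
HOST_A, HOST_B = "192.0.2.10", "198.51.100.20"

# Constructed sample lines, as a syslog server might store them.
SAMPLE = [
    "Sep 08 2008 07:50:01: %ASA-6-106100: access-list ACL permitted tcp inside/192.0.2.10(40112) -> outside/198.51.100.20(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "Sep 08 2008 07:50:03: %ASA-6-106100: access-list ACL permitted tcp inside/192.0.2.5(1025) -> outside/203.0.113.7(80) hit-cnt 1 first hit",
    "Sep 08 2008 07:55:03: %ASA-6-106100: access-list ACL permitted tcp inside/192.0.2.5(1025) -> outside/203.0.113.7(80) hit-cnt 4 300-second interval",
    "Sep 08 2008 07:55:09: %ASA-6-106100: access-list ACL permitted udp inside/192.0.2.9(5353) -> outside/203.0.113.53(53) hit-cnt 2 300-second interval",
    "Sep 08 2008 07:55:10: %ASA-6-106100: access-list OTHER permitted tcp inside/192.0.2.5(1030) -> outside/203.0.113.7(22) hit-cnt 1 first hit",
    "Sep 08 2008 07:55:11: %ASA-6-302013: Built outbound TCP connection 17 for outside:203.0.113.7/80 to inside:192.0.2.5/1025",
]

if __name__ == "__main__":
    for flow, hits in flows_on_catch_all(SAMPLE, "ACL", HOST_A, HOST_B).most_common():
        print(hits, *flow)
```

Message 106100 is logged at severity 6 (informational) by default, so the trap level on the ASA has to include that severity for these lines to reach the syslog server.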