09-07-2008 09:19 AM - edited 03-11-2019 06:40 AM
Is it possible to isolate the logs of an access-list on an ASA?
Ex.:
access-list ACL permit ip host hostA host hostB
access-list ACL permit ip any any
Here, I want to know what traffic is flowing through the second line of my access-list (permit ip any any).
Thanks
09-07-2008 04:14 PM
Maybe something like:
access-list ACL permit ip host hostA host hostB log
access-list ACL permit ip any any log
but I'd rather put
access-list ACL permit tcp any any log
access-list ACL permit udp any any log
etc.
Hope it helps
09-08-2008 07:46 AM
Hi,
Put the log option at the end of the ACL entry for which you want to log traffic.
access-list ACL permit ip any any log
Set up a syslog server to which the syslogs will be sent. There, you can search for " access-list " or " hitcnt " to find the relevant syslogs explaining what traffic was permitted by the ACL.
Regards,
Sushil
09-08-2008 07:47 AM
Here are the steps for setting up the syslog server.
First you would need to install syslog server software on one of the computers. You may download one of the popular ones, Kiwi Syslog Server, from http://www.kiwisyslog.com/software_downloads.htm . It is listed as Kiwi Syslog Daemon and the latest version is 8.2.8. You may download the standard edition, which runs as a program.
Once the syslog server is installed, you will then need to log in to the ASA in configuration terminal mode and enter the following commands.
logging host [in_if_name] ip_address
(Example: logging host inside 1.2.3.4
We are assuming the syslog server is installed on a computer with IP address 1.2.3.4 in the inside network.)
logging timestamp
logging trap 4
logging on
These commands will enable the ASA to start sending syslog messages to the syslog server.
For more information on logging commands you may refer to this URL:
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008010578b.html#1028090
----------------------------------------------------------------------------------
Trap levels
0 - emergencies - System unusable messages
1 - alerts - Take immediate action
2 - critical - Critical condition
3 - errors - Error message
4 - warnings - Warning message
5 - notifications - Normal but significant condition
6 - informational - Information message
7 - debugging - Debug messages and log FTP commands and WWW URLs
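An added example, not part of the thread or any poster's code: once the ACL's log messages are on the syslog server, this Python sketch pulls out the ASA 106100 (ACL hit) lines for one ACL and drops the flows already explained by the specific hostA-to-hostB entry, leaving what the permit ip any any line allowed. The sample lines are constructed, 10.1.1.10 and 192.0.2.20 are stand-ins for hostA and hostB, and the function name is hypothetical. It assumes the 106100 messages reach the server, which at their default severity 6 (informational) needs a trap level that includes informational.

```python
import re

# Constructed sample syslog lines (not from the thread). The layout follows
# ASA message 106100, which an ACE carrying the "log" keyword generates.
SAMPLE = """\
Sep 08 2008 07:50:01 fw1 : %ASA-6-106100: access-list ACL permitted tcp inside/10.1.1.10(1044) -> outside/192.0.2.20(80) hit-cnt 1 first hit
Sep 08 2008 07:50:03 fw1 : %ASA-6-106100: access-list ACL permitted udp inside/10.1.1.55(5301) -> outside/198.51.100.7(53) hit-cnt 1 first hit
Sep 08 2008 07:50:04 fw1 : %ASA-6-302013: Built outbound TCP connection 17 for outside:192.0.2.20/80 (192.0.2.20/80) to inside:10.1.1.10/1044 (10.1.1.10/1044)
Sep 08 2008 07:55:03 fw1 : %ASA-6-106100: access-list ACL permitted udp inside/10.1.1.55(5301) -> outside/198.51.100.7(53) hit-cnt 4 300-second interval
Sep 08 2008 07:56:10 fw1 : %ASA-6-106100: access-list OTHER denied tcp outside/203.0.113.9(4431) -> inside/10.1.1.10(22) hit-cnt 1 first hit
"""

MSG_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def flows_for_catch_all(text, acl="ACL",
                        specific=(("10.1.1.10", "192.0.2.20"),)):
    """Sum hit counts per (proto, src, dst, dport) for traffic the named ACL
    permitted, skipping (src, dst) pairs matched by earlier specific ACEs."""
    totals = {}
    for line in text.splitlines():
        m = MSG_106100.search(line)
        if not m or m["acl"] != acl or m["action"] != "permitted":
            continue  # other message IDs, other ACLs, or denies
        if (m["src"], m["dst"]) in specific:
            continue  # first-match: this flow hit the hostA -> hostB entry
        key = (m["proto"], m["src"], m["dst"], int(m["dport"]))
        # "first hit" reports 1; interval messages report hits in that interval
        totals[key] = totals.get(key, 0) + int(m["hits"])
    return totals

if __name__ == "__main__":
    for flow, hits in sorted(flows_for_catch_all(SAMPLE).items()):
        print(flow, hits)
```

If only the permit ip any any entry carries the log keyword, every 106100 line for that ACL already belongs to it and the specific list can be left empty.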
09-09-2008 11:19 AM
Hi,
So do I still need to put the log option after the ACE? I wanted only a particular ACE's logs to be sent to the syslog server...
Thanks
09-09-2008 11:27 AM
Yes, that is correct.
Please rate if helpful.
Regards,
Sushil.