ASA access list's logging

Unanswered Question
Sep 23rd, 2008
User Badges:


I have ASA firewalls from which I need logs collected from few ACL rules.

logging enable

logging timestamp

logging console errors

logging buffered notifications

logging trap informational

logging asdm informational

logging facility 22

logging host inside

access-list access_out extended permit ip any any log debugging interval 300

I have this logging configuration and the a access rule to log all connections. But I dont get any logs from this access list rule or this access list. The only log I get is Built/Teardown log and some system notifications.

What is missing here, I want to get "access-list" log for connections hitting this ACL rule.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dominic.caron Wed, 09/24/2008 - 05:04
User Badges:
  • Silver, 250 points or more

In your ACL, you set the log level to debugging...

Your ASA is not configure to log any message of that level. Let's say you want to send the log in the buffer, you would need to configure:

logging buffered debugging

innetsecwork Wed, 09/24/2008 - 06:30
User Badges:


Thanks for the reply.

The ACL is set to debug level, and I am looking for logs to come on the syslog server, not just in the buffer.

So I am not sure what else I need to add in it.


suschoud Wed, 09/24/2008 - 11:10
User Badges:
  • Gold, 750 points or more

Put in :

logg trap 7

Should work then.

Do rate helpful posts.



cisco24x7 Wed, 09/24/2008 - 11:35
User Badges:
  • Silver, 250 points or more

Why do you need "logging trap 7"? I thought

"logging trap 6" will send ACL log to the syslog


I have a couple of Pix firewalls that send

ACL logs to Linux syslog server with "logging

trap 6" in the configuration.


This Discussion