filtering logs in ASA firewall

Unanswered Question
Dec 22nd, 2008
User Badges:

Hi Team,


Is there any way to send specific source and destination based traffic to my syslog server.


i want to monitore only specific traffic going through the firewall.


regards

PVK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (2 ratings)
Loading.
John Blakley Mon, 12/22/2008 - 06:51
User Badges:
  • Purple, 4500 points or more

You can set your logging level, and then selectively tell it not to send certain logs to the syslog server with:


no logging message 31057


The 31057 is the message number that will be in your ASA logs. It will still log the message in the buffer, but it won't trap it to the syslog server.


HTH,


John


*please rate all helpful posts*


Sec IT Mon, 12/22/2008 - 07:17
User Badges:

I mean to say " I want only certain source and destination based logs only" to be logged in syslog server.


John Blakley Mon, 12/22/2008 - 07:20
User Badges:
  • Purple, 4500 points or more

Okay, you won't be able to do this on the ASA. You'll need to filter results on source and destination on your syslog server. The ASA will log every hit from the logging level that you specify and below. You wouldn't, say, be able to create an ACL to log only hits that match it (although this would be nice).


HTH,


John


*please rate if helpful*

Sec IT Tue, 12/23/2008 - 22:26
User Badges:

Thank John..

You meant to say in PIX/ASA firewall its not possible.


Actions

This Discussion