filtering logs in ASA firewall

Unanswered Question
Dec 22nd, 2008

Hi Team,

Is there any way to send specific source and destination based traffic to my syslog server.

i want to monitore only specific traffic going through the firewall.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 2.5 (2 ratings)
John Blakley Mon, 12/22/2008 - 06:51

You can set your logging level, and then selectively tell it not to send certain logs to the syslog server with:

no logging message 31057

The 31057 is the message number that will be in your ASA logs. It will still log the message in the buffer, but it won't trap it to the syslog server.



*please rate all helpful posts*

Sec IT Mon, 12/22/2008 - 07:17

I mean to say " I want only certain source and destination based logs only" to be logged in syslog server.

John Blakley Mon, 12/22/2008 - 07:20

Okay, you won't be able to do this on the ASA. You'll need to filter results on source and destination on your syslog server. The ASA will log every hit from the logging level that you specify and below. You wouldn't, say, be able to create an ACL to log only hits that match it (although this would be nice).



*please rate if helpful*

Sec IT Tue, 12/23/2008 - 22:26

Thank John..

You meant to say in PIX/ASA firewall its not possible.


This Discussion