Log Access List - External syslog

Answered Question
Feb 25th, 2009

Hi All,

Has anyone ever set up their ASA to log to an external server what traffic is flowing through access-lists?

I don't want to have to analyse the traffic with capture, as I would prefer to let the logs build up over a couple of weeks.

I want to harden the rule base, as IP is allowed between various networks. To achieve this successfully I want to log the access-lists externally so I don't miss any tcp/udp ports etc.

Thanks

Correct Answer by vikram_anumukonda about 7 years 9 months ago

The "test" is like a filter for what messages one wants to see on the syslog server.

The link below should help you understand better:

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924

darkbeatz,

You can add the keyword "log" to any number of ACEs in your ACL and analyze it on the syslog.

HTH

Vikram

vikram_anumukonda Wed, 02/25/2009 - 04:37

Do these steps:

1) logging on

2) logging list test message 106100

3) logging trap test

4) logging host <> x.x.x.x

106100 gives you ports and protocols for the permitted traffic. I have tried this config by having an "access-list inside permit ip any any log" to analyze what kind of traffic is traversing the firewall.

You can find the complete list of syslog message numbers here:

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/syslog.html

HTH

Vikram
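Once the ASA is sending 106100 messages to a syslog host as in the steps above, the remaining work is turning those lines into a list of the protocols and ports the broad "permit ip any any log" rule actually carried. The script below is an added example, not code from the thread or from Cisco: it parses the documented 106100 layout (access-list name, permitted/denied, protocol, interface/address(port) pairs and hit-cnt) with a regular expression and totals hits per ACL, action, protocol and destination port. The log lines in SAMPLE_LOGS are constructed for the example; the hostname, addresses and hash values are made up.

```python
"""Summarise Cisco ASA %ASA-6-106100 access-list syslog messages.

Added example for the thread; the sample lines are constructed, not
captured from a real firewall. The parser follows the documented
106100 layout:
  access-list <acl> {permitted|denied|est-allowed} <proto>
  <in_if>/<src>(<sport>) -> <out_if>/<dst>(<dport>) hit-cnt <n> (...)
"""
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (hostname fw01 and all addresses are
# illustrative). The last line is a different message ID and must be ignored.
SAMPLE_LOGS = [
    "Feb 25 2009 04:37:12 fw01 : %ASA-6-106100: access-list inside permitted tcp "
    "inside/10.1.1.5(49152) -> outside/192.0.2.10(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]",
    "Feb 25 2009 04:42:12 fw01 : %ASA-6-106100: access-list inside permitted tcp "
    "inside/10.1.1.5(49153) -> outside/192.0.2.10(443) hit-cnt 4 300-second interval [0x1a2b3c4d, 0x0]",
    "Feb 25 2009 04:43:01 fw01 : %ASA-6-106100: access-list inside permitted udp "
    "inside/10.1.1.7(53211) -> dmz/10.2.0.53(53) hit-cnt 1 first hit [0x5e6f7a8b, 0x0]",
    "Feb 25 2009 04:45:30 fw01 : %ASA-6-106100: access-list dmz_in denied tcp "
    "dmz/10.2.0.9(40001) -> inside/10.1.1.5(22) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]",
    "Feb 25 2009 04:46:00 fw01 : %ASA-6-302013: Built outbound TCP connection 12345 "
    "for outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.1.1.5/49154 (10.1.1.5/49154)",
]

# The optional "(...)" after each port allows for the identity-firewall
# user field that newer releases append. search() tolerates any syslog
# prefix (timestamp, hostname) before the %ASA tag.
LOG_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\)(?:\([^)]*\))? -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\)(?:\([^)]*\))? "
    r"hit-cnt (?P<hits>\d+)"
)


def parse_106100(line):
    """Return the fields of a 106100 message as a dict, or None for other lines."""
    match = LOG_106100.search(line)
    if not match:
        return None
    rec = match.groupdict()
    for field in ("sport", "dport", "hits"):
        rec[field] = int(rec[field])
    return rec


def summarize(lines):
    """Total hits per (acl, action, proto, dport).

    The first message for a flow reports hit-cnt 1; later messages for the
    same flow report the hits seen in the logging interval, so summing
    hit-cnt across messages approximates the real packet count.
    """
    totals = Counter()
    for line in lines:
        rec = parse_106100(line)
        if rec:
            totals[(rec["acl"], rec["action"], rec["proto"], rec["dport"])] += rec["hits"]
    return totals


def permitted_services(lines):
    """Map each ACL to the sorted (proto, dport) pairs it actually permitted.

    This is the list a tighter rule base would have to allow explicitly in
    place of a blanket "permit ip any any".
    """
    seen = defaultdict(set)
    for line in lines:
        rec = parse_106100(line)
        if rec and rec["action"] == "permitted":
            seen[rec["acl"]].add((rec["proto"], rec["dport"]))
    return {acl: sorted(pairs) for acl, pairs in seen.items()}


if __name__ == "__main__":
    for (acl, action, proto, dport), hits in sorted(summarize(SAMPLE_LOGS).items()):
        print(f"{acl:10} {action:9} {proto:4} dport={dport:<5} hits={hits}")
    for acl, services in permitted_services(SAMPLE_LOGS).items():
        print(f"{acl}: {services}")
```

Point the script at the syslog server's saved file (one line per message) instead of SAMPLE_LOGS after a couple of weeks of collection; the permitted_services output is the candidate set of explicit ACEs, while any 'denied' entries in summarize show what the existing rules already block.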

darkbeatzz Wed, 02/25/2009 - 04:54

Thanks Vikram.

Does "test" in this command refer to an access-list called test?

darkbeatzz Wed, 02/25/2009 - 06:34

Let me be more clear.

Does the logging analyse all access-lists on the firewall, or can I specifically monitor each ACL?

Thanks
