Has anyone ever set up their ASA to log to an external server what traffic is flowing through access-lists?
I don't want to have to analyse the traffic with capture, as I would prefer to let the logs build up over a couple of weeks.
I want to harden the rule base, as IP is allowed between various networks. To achieve this successfully I want to log the access-lists externally so I don't miss any TCP/UDP ports etc.
The "test" is like a filter for what messages one wants to see on the syslog server.
The link below should help you understand better.
You can add the keyword "log" to any number of ACEs in your ACL and analyze it on the syslog.
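An added example (not from either poster) of the analysis step: once ACEs carry the "log" keyword, the ASA emits %ASA-6-106100 messages for each matching flow, and this script aggregates those lines by ACL, action, protocol, destination and port so the permitted flows can be turned into tighter ACEs. The syslog lines are constructed samples; the ACL name "inside_in", the interfaces and the addresses are assumed.

```python
import re
from collections import Counter

# Constructed sample lines in the %ASA-6-106100 format the ASA produces for ACEs
# with the "log" keyword; the 106023 line shows an unrelated message being ignored.
SAMPLE_SYSLOG = """\
%ASA-6-106100: access-list inside_in permitted tcp inside/10.1.1.5(49152) -> dmz/10.2.0.8(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list inside_in permitted tcp inside/10.1.1.6(50001) -> dmz/10.2.0.8(443) hit-cnt 12 300-second interval [0x1a2b3c4d, 0x0]
%ASA-6-106100: access-list inside_in permitted udp inside/10.1.1.5(5353) -> dmz/10.2.0.9(53) hit-cnt 3 300-second interval [0x5e6f7a8b, 0x0]
%ASA-6-106100: access-list inside_in denied tcp inside/10.1.1.7(40000) -> dmz/10.2.0.8(22) hit-cnt 1 first hit [0x9c0d1e2f, 0x0]
%ASA-4-106023: Deny tcp src inside:10.1.1.9/4444 dst dmz:10.2.0.8/23 by access-group "inside_in" [0x0, 0x0]
"""

# Optional "(user)" after each port covers identity-firewall deployments.
ACE_LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<src_if>[^/]+)/(?P<src>[^(]+)\((?P<sport>\d+)\)(?:\([^)]*\))? -> "
    r"(?P<dst_if>[^/]+)/(?P<dst>[^(]+)\((?P<dport>\d+)\)(?:\([^)]*\))? hit-cnt (?P<hits>\d+)"
)

def parse_ace_hits(text):
    """Yield one dict per 106100 line; other message IDs are skipped."""
    for line in text.splitlines():
        m = ACE_LOG_RE.search(line)
        if m:
            rec = m.groupdict()
            rec["hits"] = int(rec["hits"])
            yield rec

def summarize_flows(text):
    """Total hit counts per (acl, action, proto, dst_if, dst, dport).
    Entries with zero presence after weeks of logging are candidates for removal;
    permitted entries are the basis for narrower ACEs."""
    totals = Counter()
    for rec in parse_ace_hits(text):
        key = (rec["acl"], rec["action"], rec["proto"], rec["dst_if"], rec["dst"], rec["dport"])
        totals[key] += rec["hits"]
    return totals

def permitted_ports(text):
    """Set of (proto, dport) actually used by permitted traffic."""
    return {(k[2], k[5]) for k in summarize_flows(text) if k[1] == "permitted"}

if __name__ == "__main__":
    for key, hits in sorted(summarize_flows(SAMPLE_SYSLOG).items()):
        print(f"{hits:>5}  {' '.join(key)}")
```

Feed it the syslog server's collected file instead of SAMPLE_SYSLOG; the 300-second interval lines already carry accumulated counts, so totals reflect real volume rather than line counts.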