09-23-2009 10:03 AM - edited 03-11-2019 09:19 AM
Management wants to track our xlate table (NAT) history. The ASA does not seem to have the CISCO-IETF-NAT-MIB SNMP MIB and there do not seem to be any SNMP traps generated by xlate entry creation to removal, so the only way to do this seems to be to just log in to the box with an expect script and capture the output of "show xlate" every hour or so.
Has anyone come up with a better approach than this for the ASA? Thanks -w
09-23-2009 10:58 AM
I am not sure if there is an OID for this.
If you are looking to archive the xlate creation, perhaps you can save the syslogs:
Sep 23 2009 14:53:00: %ASA-6-305011: Built dynamic TCP translation from inside:192.168.2.2/3498 to outside:172.18.254.34/8779
The following in particular for building translation for a particular host on the inside to the outside.
Here is the syslog link for the ASA 7.2
http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/syslog.html
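As an added example that is not part of the original post: a collector-side filter that keeps only the 305011 "Built ... translation" messages from a mixed syslog feed and turns them into a searchable xlate history. The function names and every sample line except the first (which is the one quoted above) are constructed for illustration.

```python
import re
from datetime import datetime

# Pattern for the 305011 message format quoted in the post above.
XLATE_RE = re.compile(
    r"(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}): "
    r"%ASA-6-305011: Built (?P<kind>dynamic|static) (?P<proto>TCP|UDP|ICMP) "
    r"translation from (?P<real_if>[^:\s]+):(?P<real_ip>[\d.]+)/(?P<real_port>\d+) "
    r"to (?P<mapped_if>[^:\s]+):(?P<mapped_ip>[\d.]+)/(?P<mapped_port>\d+)\s*$"
)

def parse_xlate(line):
    """Return a dict for a 305011 line, or None for any other message."""
    m = XLATE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %Y %H:%M:%S")
    rec["real_port"] = int(rec["real_port"])
    rec["mapped_port"] = int(rec["mapped_port"])
    return rec

def xlate_history(lines):
    """Keep only translation-built records, in arrival order."""
    return [r for r in map(parse_xlate, lines) if r is not None]

def who_had(history, mapped_ip, mapped_port, proto="TCP"):
    """Which inside host/port was translated to this outside address/port?"""
    return [(r["ts"], r["real_ip"], r["real_port"]) for r in history
            if (r["mapped_ip"], r["mapped_port"], r["proto"])
            == (mapped_ip, mapped_port, proto)]

# First line is from the post; the other two are constructed sample input.
SAMPLE = [
    "Sep 23 2009 14:53:00: %ASA-6-305011: Built dynamic TCP translation "
    "from inside:192.168.2.2/3498 to outside:172.18.254.34/8779",
    "Sep 23 2009 14:53:01: %ASA-6-302013: Built outbound TCP connection 42 "
    "for outside:198.51.100.7/80 (198.51.100.7/80) "
    "to inside:192.168.2.2/3498 (172.18.254.34/8779)",
    "Sep 23 2009 14:53:05: %ASA-6-305011: Built dynamic UDP translation "
    "from inside:192.168.2.9/53211 to outside:172.18.254.34/1025",
]

if __name__ == "__main__":
    for ts, ip, port in who_had(xlate_history(SAMPLE), "172.18.254.34", 8779):
        print(ts.isoformat(), ip, port)
```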
09-23-2009 02:04 PM
Thanks for finding those syslog messages for me - I was searching for "NAT", "xlate", etc. I'm going to keep using expect. To get those entries logged I'd have to enable Info-level syslog and that is just too much stuff. Doesn't look like I can override individual messages on with "logging message 305011" like I can disable them with "no logging message 305011".