Monitor outbound SMTP traffic on ASA 5510

Dec 17th, 2009

Hello folks -

I would like to monitor all outbound SMTP traffic from my ASA 5510. Currently, there are no access lists applied to the inside interface for outbound traffic. Everything from inside to outside is allowed.

What would be the best way for me to do so?

Thanks for your help!

PAUL GILBERT ARIAS Thu, 12/17/2009 - 15:19

In what way do you want to monitor?

If you want to see if traffic is being inspected by the ASA you can use the command:

sh service-policy
It will show:

Inspect: esmtp _default_esmtp_map, packet 290, drop 0, reset-drop 0

If you want to see the traffic on a syslog server you can do the following:

access-l inside permit tcp any any eq 25 log 4 interval 1

access-l inside permit ip any any

access-g inside in interface inside

Then you will need to set up a syslog server using the commands:


logg on

logg trap 4

logg host inside x.x.x.x ------> this will be the ip of the host with the syslog server

This ACL will log basically all the mail traffic that passes from inside to outside. You will get information about the source and destination.
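One way to use the syslog output described above, as an added example that is not part of the original reply: a short Python script that reads the messages the logging ACE produces and lists which inside hosts opened connections to TCP/25. It assumes the ASA's 106100 ACL-hit message layout; the sample lines, the function name `smtp_senders` and the `mail_relays` parameter are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread). They assume the ASA's
# 106100 ACL-hit message, sent at level 4 because the ACE says "log 4".
SAMPLE_LOG = """\
Dec 17 2009 15:40:01 asa : %ASA-4-106100: access-list inside permitted tcp inside/192.168.1.10(49211) -> outside/203.0.113.25(25) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Dec 17 2009 15:40:02 asa : %ASA-4-106100: access-list inside permitted tcp inside/192.168.1.57(51002) -> outside/198.51.100.7(25) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Dec 17 2009 15:40:03 asa : %ASA-4-106100: access-list inside permitted tcp inside/192.168.1.57(51002) -> outside/198.51.100.7(25) hit-cnt 14 1-second interval [0x1a2b3c4d, 0x0]
Dec 17 2009 15:40:04 asa : %ASA-4-106100: access-list inside permitted tcp inside/192.168.1.57(51040) -> outside/198.51.100.99(25) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Dec 17 2009 15:40:05 asa : %ASA-4-411001: Line protocol on Interface outside, changed state to up
"""

# access-list <name> <action> <proto> <if>/<src>(<port>) -> <if>/<dst>(<port>) hit-cnt <n>
ACL_HIT = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<src_if>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

def smtp_senders(log_text, mail_relays=()):
    """Map each inside host that sent to TCP/25 to its hit count and destinations.

    Hosts listed in mail_relays (the expected mail servers) are skipped, so
    whatever remains is a workstation or server talking SMTP directly.
    """
    hits = Counter()
    destinations = {}
    for line in log_text.splitlines():
        m = ACL_HIT.search(line)
        if not m or m["proto"] != "tcp" or m["dport"] != "25":
            continue  # other message IDs, or ACL hits that are not SMTP
        if m["action"] != "permitted" or m["src"] in mail_relays:
            continue
        hits[m["src"]] += int(m["hits"])
        destinations.setdefault(m["src"], set()).add(m["dst"])
    return {src: {"hits": hits[src], "destinations": destinations[src]} for src in hits}

if __name__ == "__main__":
    # 192.168.1.10 is treated here as the site's legitimate mail relay (assumption).
    for src, info in smtp_senders(SAMPLE_LOG, mail_relays={"192.168.1.10"}).items():
        print(src, info["hits"], sorted(info["destinations"]))
```
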
