I'm currently using an ASA 5540 with several basic access lists. I'm attempting to view the hit counts on a particular access list, specifically the 'deny any any' on the outside interface. Now, I can actually see the hit counts themselves increasing by either running 'sh access-list' or by viewing the ASDM under Configuration/Firewall/Access Rules. The 'deny any any' ACL is set to 'log informational', so I can see the hit counts increasing with each failed attempt to reach the outside interface. What I *want* to see is all failed traffic that is attempting to access that interface. Not just the hit counts themselves, but what those hits actually are.
Here are my log settings on the firewall currently:
logging enable
logging buffer-size 10000
logging monitor errors
logging buffered informational
logging trap notifications
logging asdm informational
A few more details may be important: The outside interface is open from only one specific source IP. And it's only allowing in a custom TCP port, we'll call it TCP 56128. All is fine and well with that, as it works like it should.
So when I attempt to access the outside interface on an unallowed port like, say, ICMP, HTTP, HTTPS, SMTP, FTP, Telnet, DNS, LDAP, NetBIOS, or RDP, the real-time log viewer shows the failed attempt. Great!
BUT, when I try to access that outside interface from a different port that is not allowed like tftp or kerberos or a random tcp port like 56128, it does not log it. The hit count increases, but I don't see what the heck it is.
Am I missing something? Is there a way to tell the ASA "when you see this TCP port fail to reach the outside interface, show it in the log viewer"?
Thanks in advance!
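As an added illustration of what "seeing what the hits are" looks like once the ASA's syslog output is collected, here is a small parser that turns the two ACL-deny message formats (106100, emitted by ACEs carrying the log keyword, and the generic 106023 deny) into a per-port tally of denied traffic. This is example code written for this page, not the poster's configuration or Cisco's tooling; the sample syslog lines, interface names, addresses, ports and ACL name are constructed, and the message layouts are quoted from memory of the ASA syslog reference, so treat the regexes as a starting point to be checked against your own log output. One caveat worth noting against the settings above: 106100 is an informational (level 6) message by default, and the post's `logging trap notifications` exports only level 5 and below to a syslog server, so an external collector would not receive these messages unless the trap level is raised; the buffered and ASDM logs in the post are already at informational.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not real captures). Addresses use
# RFC 5737 documentation ranges; ACL name and interface names are made up.
SAMPLE_LOG = """\
Feb 10 12:00:01 fw01 %ASA-6-106100: access-list outside_in denied tcp outside/198.51.100.7(41222) -> inside/203.0.113.5(69) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Feb 10 12:00:02 fw01 %ASA-6-106100: access-list outside_in denied udp outside/198.51.100.7(41223) -> inside/203.0.113.5(88) hit-cnt 3 300-second interval [0x1a2b3c4d, 0x0]
Feb 10 12:00:03 fw01 %ASA-4-106023: Deny tcp src outside:198.51.100.9/51000 dst inside:203.0.113.5/56128 by access-group "outside_in" [0x0, 0x0]
Feb 10 12:00:04 fw01 %ASA-6-106100: access-list outside_in permitted tcp outside/198.51.100.7(41230) -> inside/203.0.113.5(56128) hit-cnt 1 first hit [0x0, 0x0]
Feb 10 12:00:05 fw01 %ASA-6-302013: Built inbound TCP connection 12 for outside:198.51.100.7/41230 (198.51.100.7/41230) to inside:203.0.113.5/56128 (203.0.113.5/56128)
"""

# 106100: per-ACE log message produced when the ACE has the "log" keyword.
# Assumed layout: access-list <acl> <denied|permitted> <proto>
#   <in_if>/<src>(<sport>) -> <out_if>/<dst>(<dport>) hit-cnt <n> ...
RE_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\w+) (?P<sif>\S+?)/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>\S+?)/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

# 106023: generic ACL deny message (no per-ACE "log" keyword needed).
# Assumed layout: Deny <proto> src <in_if>:<src>/<sport>
#   dst <out_if>:<dst>/<dport> by access-group "<acl>"
RE_106023 = re.compile(
    r"%ASA-\d-106023: Deny (?P<proto>\w+) src (?P<sif>\S+?):(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>\S+?):(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group \"(?P<acl>[^\"]+)\""
)


def parse_line(line):
    """Return a dict describing an ACL decision, or None for other messages."""
    m = RE_106100.search(line)
    if m:
        d = m.groupdict()
        d["hits"] = int(d["hits"])
        d["msg"] = "106100"
        return d
    m = RE_106023.search(line)
    if m:
        d = m.groupdict()
        d["action"] = "denied"   # 106023 is always a deny
        d["hits"] = 1            # one message per denied packet/flow
        d["msg"] = "106023"
        return d
    return None


def denied_by_port(log_text):
    """Tally denied hits per (protocol, destination port), ignoring permits."""
    tally = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "denied":
            tally[(rec["proto"], int(rec["dport"]))] += rec["hits"]
    return tally


def denied_sources(log_text):
    """Map each (protocol, destination port) to the set of source IPs seen."""
    sources = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["action"] == "denied":
            sources.setdefault((rec["proto"], int(rec["dport"])), set()).add(rec["src"])
    return sources


if __name__ == "__main__":
    for (proto, port), hits in sorted(denied_by_port(SAMPLE_LOG).items()):
        srcs = ", ".join(sorted(denied_sources(SAMPLE_LOG)[(proto, port)]))
        print(f"{proto}/{port}: {hits} denied hit(s) from {srcs}")
```

Feed it the output of `show logging` (or a syslog file) instead of SAMPLE_LOG and the tally answers the question the hit counter alone cannot: which protocol, port and source each denied hit belongs to. Lines that are neither message type (connection build/teardown, permits) are skipped rather than miscounted.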