Globally setting all ACLs to log

Unanswered Question
May 24th, 2010

We currently receive syslogs (informational) for all connections but have recently deployed an auditing tool that requires that each ACL also be set to log. Is there a way to globally set all ACLs to log?

Federico Coto F... Mon, 05/24/2010 - 10:22

Hi,

Are you referring to an ASA?

In the ASA you can set the "log" keyword at the end of the statement to generate a log for that line. This must be done on all ACEs in the ACL.

Also, you can set the alert-interval for those logs (access-list alert-interval).

Federico.

jeromecandiff Mon, 05/24/2010 - 10:25

Thank you for the reply. The issue that we are having is that we currently manage hundreds of ASAs, each with hundreds of ACEs per ACL. Is there a way to globally set each ACE to log without redoing every single ACL?

Federico Coto F... Mon, 05/24/2010 - 10:30

I don't think there's a way to globally enable logging for all the ACLs on the ASA itself, because you normally want to do this on specific ACEs.

However, if you use Cisco Security Monitor you might be able to inject such a policy to all ASAs simultaneously.

Federico.
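
Because the replies above find no global switch on the ASA itself, one offline approach is to generate the per-ACE changes from a saved configuration. The script below is an added example, not part of the original posts and not Cisco tooling. It assumes input in the form of `show running-config access-list` output and that re-entering an existing extended ACE with `log` added updates that entry in place (confirm on a test device first); the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample of `show running-config access-list` output (not from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark constructed sample
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-list INSIDE_OUT extended permit ip 10.0.0.0 255.0.0.0 any time-range WORKHOURS inactive
access-list SPLIT standard permit 10.1.0.0 255.255.0.0
"""

# Only extended permit/deny ACEs are touched; remarks and standard ACLs are skipped.
ACE_RE = re.compile(r"^access-list\s+\S+\s+extended\s+(permit|deny)\s")
# In ASA extended ACE syntax, time-range and inactive come after the log keyword,
# so `log` has to be inserted in front of them rather than appended blindly.
TRAILER_RE = re.compile(r"(\s+time-range\s+\S+)?(\s+inactive)?\s*$")
# Caveat: an object or object-group literally named "log" would also match here.
HAS_LOG_RE = re.compile(r"\slog(\s|$)")


def add_log(line):
    """Return the ACE with `log` added, or None if the line is left alone."""
    line = line.rstrip()
    if not ACE_RE.match(line):
        return None  # remark, standard ACL, or not an ACE at all
    if HAS_LOG_RE.search(line):
        return None  # already has a log option (including `log disable`)
    trailer = TRAILER_RE.search(line)
    return line[:trailer.start()] + " log" + line[trailer.start():]


def build_commands(config_text):
    """Collect the ACE commands that would need to be re-entered."""
    candidates = (add_log(raw) for raw in config_text.splitlines())
    return [cmd for cmd in candidates if cmd is not None]


if __name__ == "__main__":
    for command in build_commands(SAMPLE_CONFIG):
        print(command)
```

The output is a change list to review per device before pushing; ACEs that already carry any `log` option, including `log disable`, are deliberately left untouched.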
