05-24-2010 09:57 AM - edited 03-11-2019 10:49 AM
We currently receive syslogs (informational) for all connections but have recently deployed an auditing tool that requires that each ACL also be set to log. Is there a way to globally set all ACLs to log?
05-24-2010 10:22 AM
Hi,
Are you referring to an ASA?
In the ASA you can set the "log" keyword at the end of the statement to generate a log for that line. This must be done on all ACEs in the ACL.
Also, you can set the alert-interval for those logs (access-list alert-interval).
Federico.
05-24-2010 10:25 AM
Thank you for the reply. The issue that we are having is that we currently manage hundreds of ASAs, each with hundreds of ACEs per ACL. Is there a way to globally set each ACE to log without redoing every single ACL?
05-24-2010 10:30 AM
I don't think there's a way to globally enable logging for all the ACLs on the ASA itself, because you normally want to do this on specific ACEs.
However if you use Cisco Security Monitor you might be able to inject such a policy to all ASAs simultaneously.
Federico.
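An offline way to prepare the per-ACE change discussed in this thread, as an added example that is not part of any post above: the script reads saved ACL configuration text and emits each extended ACE with `log` placed before any trailing `time-range`/`inactive` options, leaving ACEs that already log untouched. It assumes input in the form printed by `show running-config access-list`; the ACL names, addresses and the function names `add_log` and `plan` are constructed for illustration, and the output is meant for review before it goes through your normal change process.

```python
# Constructed sample input (not taken from a real device).
SAMPLE = """\
access-list alert-interval 300
access-list OUTSIDE_IN remark web servers
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.11 eq 25 log
access-list OUTSIDE_IN extended deny ip any any log disable
access-list INSIDE_OUT extended permit ip 10.1.0.0 255.255.0.0 any time-range WORKHOURS inactive
access-list SPLIT standard permit 10.1.0.0 255.255.0.0
"""

def add_log(line):
    """Return (new_line, note); new_line is None when nothing is generated."""
    t = line.split()
    if len(t) < 5 or t[0] != "access-list" or t[2] != "extended" \
            or t[3] not in ("permit", "deny"):
        return None, None  # remark, standard ACL, global setting, etc.
    # Peel trailing options off the end so 'log' lands in front of them.
    tail = []
    if t[-1] == "inactive":
        tail.insert(0, t.pop())
    if len(t) >= 2 and t[-2] == "time-range":
        tail[0:0] = t[-2:]
        del t[-2:]
    if t[-2:] == ["log", "disable"]:
        return None, "explicit 'log disable', review by hand"
    if "log" in t[4:]:
        return None, None  # already logging (with or without level/interval)
    return " ".join(t + ["log"] + tail), None

def plan(config_text):
    """Split a config into generated ACE lines and lines needing review."""
    changes, review = [], []
    for line in config_text.splitlines():
        new, note = add_log(line.strip())
        if new:
            changes.append(new)
        elif note:
            review.append((line.strip(), note))
    return changes, review

if __name__ == "__main__":
    changes, review = plan(SAMPLE)
    print("\n".join(changes))
    for line, note in review:
        print(f"! REVIEW: {line}  ({note})")
```

ACEs carrying an explicit `log disable` are reported rather than rewritten, since someone turned logging off on those lines deliberately.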