Be alerted when a ASA rule is activated?

Unanswered Question
Jun 18th, 2010
User Badges:

Hello,


Can I be alerted when a rule is used on my ASA 5520?  I do have a syslog server, but don't know how to getthis alert in there or if it's the best way?


Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jennifer Halim Fri, 06/18/2010 - 07:40
User Badges:
  • Cisco Employee,

If you have the "log" keyword at the end of your access-list, it will be logged as a syslog message. It's syslog message# 106100:

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4769049


You can send those syslog messages to a syslog server.


Example:

logging enable

logging list acl-list message 106100-106100

logging trap acl-list

logging host


Hope that helps.

David White Fri, 06/18/2010 - 11:45
User Badges:
  • Cisco Employee,

Additionally, you can send that specific syslog out as an e-mail from the ASA.  It just depends what you are looking for.


Let us know if this answers your question, or if you have a follow-up.


Sincerely,


David.

Actions

This Discussion