Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
282
Views
0
Helpful
2
Replies

Be alerted when a ASA rule is activated?

Andy White
Level 3
Level 3

‎06-18-2010 01:12 AM - edited ‎03-11-2019 11:00 AM

Hello,

Can I be alerted when a rule is used on my ASA 5520?  I do have a syslog server, but don't know how to getthis alert in there or if it's the best way?

Thanks

Labels:
0 Helpful
2 Replies 2

Jennifer Halim
Cisco Employee
Cisco Employee

‎06-18-2010 07:40 AM

If you have the "log" keyword at the end of your access-list, it will be logged as a syslog message. It's syslog message# 106100:

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html#wp4769049

You can send those syslog messages to a syslog server.

Example:

logging enable

logging list acl-list message 106100-106100

logging trap acl-list

logging host

Hope that helps.

0 Helpful

David White
Cisco Employee
Cisco Employee
In response to Jennifer Halim

‎06-18-2010 11:45 AM

Additionally, you can send that specific syslog out as an e-mail from the ASA.  It just depends what you are looking for.

Let us know if this answers your question, or if you have a follow-up.

Sincerely,


David.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card