cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3971
Views
0
Helpful
2
Replies

Real-Time log viewer does not work with filter from accesslist

erik
Level 1
Level 1

Hi,

Our ASA 5510 is currently running 8.0(4) with ASDM version 6.2(1).

While going through (using ASDM) our access rules I found a rule giving me more hits than I found normal. I therefore wanted to inspect which packets that were being accepted through that access rule so I right-clicked the access rule and selected "Show Log".

The "Real-Time Log Viewer" windows apperes and "Filter by" is auto-filled with "0x40cf6367". Even though I see that number of packets increasing in the ASDM,  the log shows no rows. If I click the button "Show all" I see all packets running through our ASA5510. Based on that I guess that my "global" log settings for ASDM is correct.

PS: The global ASDM setting is set to "Debugging" so it shouldnt be a severity filter blocking my packets in the Real-Time Log Viewer.

Is this a known bug, or is it me misunderstanding the purpose of "Show Log"?

Thank you for any assistance,

Regards,

Erik

1 Accepted Solution

Accepted Solutions

mirober2
Cisco Employee
Cisco Employee

Hi Erik,

On the Configuration > Firewall > Access Rules page, if you scroll over a bit what does it say in the "Logging" field for that ACE? If it's blank, edit the ACE and set the "Logging Level" drop-down to something like "Informational". Then apply your changes and repeat your test. You should see events in the Real-Time viewer now.

By default, the "Default" option for the "Logging Level" drop-down will not log hits for a 'permit' ACE (you should see 'deny' hits, though). When you set the "Logging Level" to something else (i.e. informational), it adds the 'log' keyword to the ACE on the CLI. The log messages generated by this keyword are what you will see in the Real-Time viewer when traffic is permitted by an ACE.

Hope that helps.

-Mike

View solution in original post

2 Replies 2

mirober2
Cisco Employee
Cisco Employee

Hi Erik,

On the Configuration > Firewall > Access Rules page, if you scroll over a bit what does it say in the "Logging" field for that ACE? If it's blank, edit the ACE and set the "Logging Level" drop-down to something like "Informational". Then apply your changes and repeat your test. You should see events in the Real-Time viewer now.

By default, the "Default" option for the "Logging Level" drop-down will not log hits for a 'permit' ACE (you should see 'deny' hits, though). When you set the "Logging Level" to something else (i.e. informational), it adds the 'log' keyword to the ACE on the CLI. The log messages generated by this keyword are what you will see in the Real-Time viewer when traffic is permitted by an ACE.

Hope that helps.

-Mike

Thank you Mike

Regards,

Erik

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: