I am working on a client site today. The client has an ACL applied to the WAN interface of their ASA in an inbound direction, which is not uncommon. The last line of the ACL has an ACE that reads:
"access-list WAN_access_in_1 line 45 extended permit ip any any log debugging interval 300"
What I am unclear about is where the logging occurs. I explained to the IT Admin on site that they may not want to have ip permit any any, and that if we figured out what traffic was matching that ACE, we could just write a rule for it. So I wanted to examine the logs, since logging is enabled on that ACE, so I could see where the traffic was coming from.
I looked at the log buffer, but there is no data in the log buffer with respect to the ACE. Where would it be logging to based on the statement? There is not a syslog server at this client, so it has to be either the log buffer or the ASDM log I think...?
Also what does the interval 300 mean in the ACE?