logging on ACLs - problem with deny ACEs

Sep 15th, 2010

I discovered that recently our FWSM does not want to log deny-flows any more.

Whenever I want a certain ACE to be logged, I enable the logging with the alert level - and it gets Syslogged.

Configuration used:

---
BE01NF31/UNIVEG# sh run log
logging enable
logging timestamp
logging list ErLst level alerts
logging list ErLst message 106100
logging buffer-size 16384
logging trap ErLst
logging asdm ErLst
logging host FW_Ext BE01S514
logging permit-hostdown
logging class config trap warnings
logging class ip trap alerts
---

Whenever I log a 'permit' ACE, it works fine, but when I want to log a 'deny' ACE, nothing is sent to the Syslog server.

What can cause this behaviour? What can I check?

Thanks!!

Jennifer Halim Fri, 09/24/2010 - 06:20

There is a possibility that you might be hitting the maximum number of ACL log deny-flows via syslog message# 106101:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/system/message/logmsgs.html#wp1727742

However, since you are only sending syslog message# 106100 to your syslog server, you are not seeing the other syslog messages that might give you an explanation on why you are not seeing the deny logs.

Hope that helps.
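One way to check what the syslog server actually receives, as an added example that is not part of the original thread and not Cisco's code: a small Python script that parses FWSM syslog lines, counts the permitted and denied 106100 entries per ACL, and flags any 106101 "deny-flow limit reached" message. The sample lines are constructed for the example; the message layouts follow the FWSM syslog message guide as I understand it (%FWSM-severity-id, then the message text), so verify the regular expressions against a real export before relying on them.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not from the thread) in the
# "%FWSM-<severity>-<id>: <text>" format the FWSM sends to a syslog host.
SAMPLE_LOG = """\
Sep 15 2010 10:01:02 fwsm-host %FWSM-1-106100: access-list outside_in permitted tcp outside/198.51.100.7(51234) -> inside/10.0.0.5(443) hit-cnt 1 first hit [0x1a2b3c4d, 0x0]
Sep 15 2010 10:01:05 fwsm-host %FWSM-1-106100: access-list outside_in denied udp outside/203.0.113.9(5060) -> inside/10.0.0.8(5060) hit-cnt 3 300-second interval [0x5e6f7a8b, 0x0]
Sep 15 2010 10:01:07 fwsm-host %FWSM-1-106101: The number of ACL log deny-flows has reached limit (4096).
Sep 15 2010 10:01:09 fwsm-host %FWSM-1-106100: access-list outside_in permitted tcp outside/198.51.100.7(51235) -> inside/10.0.0.5(443) hit-cnt 1 first hit [0x1a2b3c4e, 0x0]
"""

# Generic header: severity digit, six-digit message id, then the message body.
HEADER_RE = re.compile(r"%FWSM-(?P<sev>\d)-(?P<msgid>\d{6}): (?P<body>.*)$")
# 106100 body: access-list <acl> permitted|denied|est-allowed <proto> <src> -> <dst> hit-cnt <n> ...
ACL_RE = re.compile(
    r"^access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) (?P<src>\S+) -> (?P<dst>\S+) hit-cnt (?P<hits>\d+)"
)
# 106101 body carries the configured deny-flow limit in parentheses.
LIMIT_RE = re.compile(r"deny-flows has reached limit \((?P<limit>\d+)\)")


def parse_line(line):
    """Return (severity, message id, body) for an FWSM syslog line, or None."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    return int(m.group("sev")), m.group("msgid"), m.group("body")


def summarize(log_text):
    """Count ACL log entries per action and ACL and collect deny-flow limit events."""
    summary = {
        "permitted": 0,
        "denied": 0,
        "est-allowed": 0,
        "per_acl": Counter(),        # (acl name, action) -> count
        "deny_flow_limits": [],      # limit values reported by 106101
        "other_ids": Counter(),      # any other message ids that arrived
    }
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _sev, msgid, body = parsed
        if msgid == "106100":
            a = ACL_RE.match(body)
            if a:
                summary[a.group("action")] += 1
                summary["per_acl"][(a.group("acl"), a.group("action"))] += 1
        elif msgid == "106101":
            lim = LIMIT_RE.search(body)
            summary["deny_flow_limits"].append(int(lim.group("limit")) if lim else None)
        else:
            summary["other_ids"][msgid] += 1
    return summary


def findings(summary):
    """Turn the counts into short diagnostic notes for the reviewer."""
    notes = []
    if summary["deny_flow_limits"]:
        notes.append("106101 seen: the ACL log deny-flow limit was reached, so further "
                     "deny hits are not logged until existing deny flows age out")
    if summary["permitted"] and not summary["denied"]:
        notes.append("only permitted 106100 entries arrived: confirm the deny ACEs carry "
                     "the log keyword and that their severity is covered by the logging list")
    return notes


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("permitted:", s["permitted"], "denied:", s["denied"])
    print("per ACL:", dict(s["per_acl"]))
    print("deny-flow limit events:", s["deny_flow_limits"])
    for note in findings(s):
        print("-", note)
```

Run it against an export of the syslog server's file instead of SAMPLE_LOG to see whether any 106100 "denied" entries arrive at all and whether a 106101 limit event precedes the gap. If the limit is the cause, the FWSM's `access-list deny-flow-max` setting is the knob that controls how many deny flows are tracked for logging.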
