01-02-2013 12:43 PM - edited 03-11-2019 05:42 PM
Hi,
We are running FWSM version 4.1.11. We have configured deny ACEs with the log keyword at the end of the ACL, but when we run show logging there are no deny ACL logs; it shows only the system logs. We verified by changing the logging buffered level to informational/notifications/debugging and still could not see any denies against the ACL. When we run show access-list <acl-name> we can see the hit counts increasing. However, when we checked with ASDM real-time monitoring (debugging) we could see those denies against the configured ACL.
Can some experts please advise me on this: why do we not see any deny logs against the ACL, and why are they not shown even with the deny log command? I am not sure whether we are hitting a bug here, because on another FWSM running 4.0.12 I can see some deny logs against the ACL even without the log command at the end of the ACL.
Thanks in advance.
01-02-2013 01:13 PM
Hi,
We have an FWSM running 4.1, but not the exact version you have.
I have never run into this problem.
I also didn't find any existing bug on the Cisco site that could explain this.
Generally, the very basic configuration needed to show all connection attempts that are getting blocked by an interface ACL would be to set the logging level as follows:
trap = to Syslog server
asdm = to ASDM
buffered = to log buffer
logging trap notifications
logging asdm notifications
logging buffered notifications
To show connection building and teardown messages (and of course the Deny messages, as with the notifications level) you would need:
logging trap informational
logging asdm informational
logging buffered informational
What kind of logging configuration do you have? Can you share your "show run logging" output?
Provided the configuration is correct, I would imagine that it is something that would need to be looked at by Cisco TAC.
I generally avoid looking at logs through the buffer on the CLI. Usually this is because there may be so many logs generated at one moment that many logs simply don't show in the buffer, because they have already been overwritten by other logs. Of course I could increase the buffer size, but I'd rather not. I usually gather them from our Syslog server or use ASDM for real-time monitoring while troubleshooting a customer problem.
- Jouni
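An added worked example, not part of either post above: a small Python filter that reads a "show run logging" fragment and a handful of syslog lines and reports which messages would actually reach each destination (buffered, trap, asdm) under its severity threshold. The configuration and the log lines are constructed for the example; the message IDs and severities they use (106023 at level 4 for an ACL deny without the log keyword, 106100 at level 6 for an ACE carrying the log keyword at its default level, 302013 at level 6 for a connection build, 111008 at level 5 for a command audit) are my assumptions from the ASA/FWSM syslog catalog, so check them against the "show logging" output of your own box before relying on them. The point it makes concrete is the one in the reply: a destination set to notifications (5) keeps everything at severity 5 or lower and silently drops a level-6 message, so a deny that is only emitted as 106100 never shows in that buffer.

```python
"""Which FWSM/ASA syslog messages pass each logging destination's severity filter?

Added example for the thread above; not code from the original posts.
Message IDs/severities in the sample data are assumptions from the
ASA/FWSM syslog catalog and the sample config/log lines are constructed.
"""
import re

# Cisco severity keywords in ascending verbosity (0 = emergencies .. 7 = debugging).
# A destination configured at level N emits messages with severity <= N.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# Destinations that take a severity argument in "show run logging".
DESTINATIONS = ("buffered", "trap", "asdm", "console", "monitor")

# Syslog format: %FWSM-<severity>-<message id>: <text>
MSG_RE = re.compile(r"%FWSM-(?P<sev>\d)-(?P<id>\d+): ")

# Constructed sample "show run logging" output: buffer and syslog at 5, ASDM at 7.
SAMPLE_CONFIG = """\
logging enable
logging buffered notifications
logging trap notifications
logging asdm debugging
"""

# Constructed sample messages (IDs/severities assumed, see module docstring).
SAMPLE_LINES = [
    'Jan 02 2013 12:40:01: %FWSM-4-106023: Deny tcp src outside:192.0.2.10/4433 '
    'dst inside:10.1.1.5/22 by access-group "outside_in"',
    'Jan 02 2013 12:40:02: %FWSM-6-106100: access-list outside_in denied tcp '
    'outside/192.0.2.10(4433) -> inside/10.1.1.5(22) hit-cnt 1 first hit',
    'Jan 02 2013 12:40:03: %FWSM-6-302013: Built inbound TCP connection 12345 for '
    'outside:192.0.2.11/51000 (192.0.2.11/51000) to inside:10.1.1.6/443 (10.1.1.6/443)',
    "Jan 02 2013 12:40:04: %FWSM-5-111008: User 'admin' executed the 'show logging' command.",
]


def parse_logging_config(config):
    """Return {destination: severity number} from 'logging <dest> <level>' lines.

    Accepts either the keyword form ('notifications') or the numeric form ('5').
    Lines such as 'logging enable' or 'logging host ...' carry no level and are skipped.
    """
    levels = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "logging" and parts[1] in DESTINATIONS:
            lvl = parts[2]
            levels[parts[1]] = int(lvl) if lvl.isdigit() else SEVERITY[lvl]
    return levels


def filter_messages(lines, level):
    """Return the message IDs (in order) whose severity passes a destination at `level`."""
    kept = []
    for line in lines:
        m = MSG_RE.search(line)
        if m and int(m.group("sev")) <= level:
            kept.append(m.group("id"))
    return kept


def deny_visibility(config, lines):
    """For every destination in `config`, list which of `lines` it would show."""
    return {dest: filter_messages(lines, lvl)
            for dest, lvl in parse_logging_config(config).items()}


def dropped_at(config, severity):
    """Destinations whose threshold is too low for a message of the given severity.

    Useful for the ACE 'log' keyword: its 106100 message defaults to severity 6,
    so any destination below informational will never show it.
    """
    return sorted(dest for dest, lvl in parse_logging_config(config).items()
                  if lvl < severity)


if __name__ == "__main__":
    for dest, ids in deny_visibility(SAMPLE_CONFIG, SAMPLE_LINES).items():
        print(f"{dest:9s} shows message IDs: {ids}")
    print("level-6 106100 would be dropped at:", dropped_at(SAMPLE_CONFIG, 6))
```

Run it as-is and the buffered and trap destinations list only 106023 and 111008, while asdm lists all four; that matches what the original poster describes (denies visible in ASDM real-time monitoring at debugging, absent from the buffer). Feed it your own "show run logging" and a paste of "show logging" to see which severity is being cut off.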