
enable syslog debug level 7 and send logs to syslog

gavin han
Level 1

Hi,

On a Cisco ASA, I have to enable syslog debug level 7 and send logs to syslog. How do I do that?

4 Replies

Julio Carvajal
VIP Alumni

Hello,

logging enable

logging host inside x.x.x.x

logging trap 7

logging facility 23

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

gavin han
Level 1

Thx. Would I need to add log for each ACL line? I've an ACL of more than 3000 lines, so it would be tough to write log for each ACL line. Any alternative?


Unless you have been fiddling with logging levels previously, most ACEs will be using the Cisco default logging, and at debug/7 level most of those will generate syslog entries. Don't forget that "show access-list" will show hit counts for the individual entries as well, independently of any syslog output.

Lastly, if a reload is an option, in your situation what I would do if modifying 3k lines was needed is:

  1) copy startup-config a.txt

  2) export a.txt by TFTP or SSH or USB or whatever

  3) edit the configuration using offline tools with regular-expression capabilities such as TextPad (Windows) or vi or emacs or perl or ...

  4) import the revised b.txt config

  5) copy b.txt startup-config and reload

-- Jim Leinweber, WI State Lab of Hygiene
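An added example, not part of the post above and not Cisco tooling: one way to do the offline edit in step 3, appending `log` to every extended ACE in the exported file that lacks it. The ACL names, addresses and sample lines are constructed, and the placement of `log` before a trailing `time-range`/`inactive` follows the documented extended ACE syntax.

```python
import re

# Only extended permit/deny ACEs take "log"; remarks and standard ACLs are skipped.
ACE_RE = re.compile(r"^access-list\s+\S+\s+(?:line\s+\d+\s+)?extended\s+(?:permit|deny)\s")
# "log" must come before the optional trailing "time-range <name>" and "inactive".
TAIL_RE = re.compile(r"(?:\s+time-range\s+\S+)?(?:\s+inactive)?\s*$")


def add_log(line: str) -> str:
    """Return the ACE with 'log' added, or the line unchanged if not applicable."""
    body = line.rstrip("\r\n")
    m = ACE_RE.match(body)
    if not m:
        return line
    if "log" in body[m.end():].split():   # covers log, log <level>, log disable
        return line
    tail = TAIL_RE.search(body)
    head, rest = body[:tail.start()], body[tail.start():].rstrip()
    return head + " log" + rest + line[len(body):]   # keep the original line ending


def rewrite_config(text: str) -> tuple[str, int]:
    """Rewrite a whole exported config; return (new_text, number_of_ACEs_changed)."""
    out, changed = [], 0
    for line in text.splitlines(keepends=True):
        new = add_log(line)
        changed += new != line
        out.append(new)
    return "".join(out), changed


# Constructed sample standing in for the exported a.txt
SAMPLE = """\
access-list OUTSIDE_IN remark web servers
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any log
access-list OUTSIDE_IN extended permit udp any any eq 53 time-range WORKHOURS inactive
access-list SPLIT standard permit 10.0.0.0 255.0.0.0
logging trap 7
"""

if __name__ == "__main__":
    revised, n = rewrite_config(SAMPLE)
    print(revised, end="")
    print(f"! {n} ACEs changed")
```

Diff the result against a.txt before importing it as b.txt, so that only the intended ACEs differ.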

Hello Gavin,

Well, my question is:

Would you like to log permits as well, or just denies?

I would say just denies, right?

If that is the case, then by default it's gonna happen.

What is not gonna happen is the logging for the last implicit deny rule, so you will need to add it manually:

access-list test deny ip any any log

Then you will get all the logs for traffic being denied across your firewall.

Regards,

Julio

Hey, remember to rate all of the helpful posts.

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC