I don't know what you mean by 'filter the live feed'. Can you explain what you want to see/troubleshoot?
Maybe the packet capture feature is what you are looking for.
I'll try again:
I'm setting up a new 5505 and some of my inbound connections fail.
Using packet-tracer I verified they are configured correctly, and I am looking for other info on their failure.
I want to look at the ASDM log (which is a live on-screen log) while attempting a connection from the outside and see what really happens there - it would be easier to troubleshoot.
Yes, there is.
1- Send your syslog to a Linux syslog server.
Make sure that in your /etc/sysconfig/syslog you have
the "-x -r" for accepting syslog from remote
2- In the /etc/syslog.conf, make sure your
localX matches with what you set on the ASA.
Let's say that you have local20 on the ASA,
it should be local4.* in the /etc/syslog.conf
3- Restart syslog with "service syslog restart"
Assuming that you're logging syslog to
/var/log/router.log, you just need to
do "tail -f /var/log/router.log | grep x.x.x.x" or whatever string you want
to filter, and you will see the log in real-time.
That is easy, right?
1. SETUP A SYSLOG SERVER.
2. GENERATE TRAFFIC.
3. SEARCH IN SYSLOGS STORED AT SYSLOG SERVER BASED ON SOURCE/DESTI IP + PORT ( /25 FOR SMTP ) ....
Here are the steps for setting up the syslog server.
First you would need to install syslog server software on one of the computers. You may
download the popular kiwisyslog server from
http://www.kiwisyslog.com/software_downloads.htm . It is listed as Kiwi
Syslog Daemon and the latest version is 8.2.8. You may download standard edition that runs as
Once the syslog server is installed you will then need to log in to the ASA in
configuration terminal mode and enter the following commands.
logging host [in_if_name] ip_address
(example: logging host inside 18.104.22.168
We are assuming syslog server is installed on computer with IP address 22.214.171.124 in the
logging trap 4
These commands will enable the ASA to start sending syslog messages to the syslog server.
For more information on logging commands you may refer to this URL:
.0-emergencies-System unusable messages
.1-alerts-Take immediate action
.5-notifications-Normal but significant condition
.7-debugging-Debug messages and log FTP commands and WWW URLs
Do rate helpful posts.
".7-debugging-Debug messages and log FTP commands and WWW URLs"
I thought "logging trap 6" will allow you to
log WWW URLs.
The other thing is that Linux syslog
gives you the ability to use "grep", sed
and awk, with which you can parse and filter syslog
in "real-time" to track down whatever you want
to see. Can Kiwi Syslog do that?
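An added example, not part of any post in this thread: the "tail -f ... | grep x.x.x.x" step and the grep/sed/awk remark above, written as one awk filter that matches the address as a whole token (a plain grep for 203.0.113.5 also matches 203.0.113.50) and can limit output by ASA severity, the same number used in "logging trap 4". The function names asa_filter and sample_log are hypothetical and the log lines are constructed samples in the ASA message format.

```shell
#!/bin/sh
# Constructed sample lines (documentation addresses), not captured from a real ASA.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 asa5505 %ASA-6-302013: Built inbound TCP connection 1201 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:192.168.1.10/25 (198.51.100.2/25)
Mar  3 10:15:02 asa5505 %ASA-4-106023: Deny tcp src outside:203.0.113.5/51240 dst inside:192.168.1.10/443 by access-group "outside_access_in" [0x0, 0x0]
Mar  3 10:15:03 asa5505 %ASA-4-106023: Deny tcp src outside:203.0.113.50/40000 dst inside:192.168.1.10/25 by access-group "outside_access_in" [0x0, 0x0]
Mar  3 10:15:04 asa5505 %ASA-6-302014: Teardown TCP connection 1201 for outside:203.0.113.5/51234 to inside:192.168.1.10/25 duration 0:00:02 bytes 512 TCP FINs
EOF
}

# asa_filter IPV4 [MAX_SEVERITY]
# Reads syslog lines on stdin and prints those that carry an %ASA-<sev>-<id>
# tag, mention IPV4 as a complete address, and have severity <= MAX_SEVERITY
# (default 7, i.e. everything).
asa_filter() {
    ip=$1
    max_sev=${2:-7}
    case $ip in
        ''|*[!0-9.]*) echo "usage: asa_filter IPV4 [MAX_SEVERITY]" >&2; return 2 ;;
    esac
    awk -v ip="$ip" -v max="$max_sev" '
        BEGIN {
            gsub(/\./, "[.]", ip)                      # dots must match literally
            pat = "(^|[^0-9.])" ip "([^0-9.]|$)"       # no digit or dot on either side
        }
        match($0, /%ASA-[0-7]-[0-9]+/) && $0 ~ pat {
            split(substr($0, RSTART, RLENGTH), f, "-") # f[2] = severity, f[3] = message id
            if (f[2] + 0 <= max + 0) { print; fflush() }  # flush so live output is not delayed
        }'
}

# Live use on the file named in the thread:
#   tail -f /var/log/router.log | asa_filter 203.0.113.5 4
sample_log | asa_filter 203.0.113.5 4
```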