Cisco Support Community
New Member

ASA 5505 log

How do I filter specific data on\off my log?

I see endless SMTP traffic and can't find what I'm looking for. I need to troubleshoot specific ports\IPs

11 REPLIES

Re: ASA 5505 log

Use the command line. Something like the following:

show log | include smtp

or

show log | include 192.168.1.10

Hope that helps.

New Member

Re: ASA 5505 log

That would only show already logged data.

I want to filter the live feed (via ASDM or the same data on the console).

Re: ASA 5505 log

I don't know what you mean by 'filter the live feed'. Can you explain what you want to see/troubleshoot?

Maybe the packet capture feature is what you are looking for.

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009402f.shtml#trouble

New Member

Re: ASA 5505 log

I'll try again:

I'm setting up a new 5505 and some of my inbound connections fail.

Using packet-tracer I verified they are configured correctly, and I am looking for other info on their failure.

I want to look at the ASDM log (which is a live on-screen log) while attempting a connection from the outside and see what really happens there. It would be easier to troubleshoot.

Re: ASA 5505 log

Ahh I see. I don't really use ASDM that much, but I don't think there is a way to filter the events.

Silver

Re: ASA 5505 log

Yes, there is.

1- Send your syslog to a Linux syslog server. Make sure that in your /etc/sysconfig/syslog you have the "-x -r" for accepting syslog from remote devices.

2- In the /etc/syslog.conf, make sure your localX matches what you set on the ASA. Let's say that you have local20 on the ASA; it should be local4.* in the /etc/syslog.conf.

3- Restart syslog with "service syslog restart".

Assuming that you're logging syslog to /var/log/router.log, you just need to do "tail -f /var/log/router.log | grep x.x.x.x" or whatever string you want to filter, and you will see the log in real time.

That is easy, right?

Re: ASA 5505 log

He's looking for a filter that can be applied to the log viewer in ASDM.

Cisco Employee

Re: ASA 5505 log

1. SETUP A SYSLOG SERVER.

2. GENERATE TRAFFIC.

3. SEARCH IN SYSLOGS STORED AT SYSLOG SERVER BASED ON SOURCE/DESTI IP + PORT ( /25 FOR SMTP ) ....

Here are the steps for setting up the syslog server.

First you would need to install syslog server software on one of the computers. You may download one of the popular syslog servers, Kiwi Syslog, from http://www.kiwisyslog.com/software_downloads.htm . It is listed as Kiwi Syslog Daemon and the latest version is 8.2.8. You may download the standard edition, which runs as a program.

Once the syslog server is installed you will then need to log in to the ASA in configuration terminal mode and enter the following commands.

logging host [in_if_name] ip_address

(example: logging host inside 1.2.3.4

We are assuming the syslog server is installed on a computer with IP address 1.2.3.4 in the inside network.)

logging timestamp

logging trap 4

logging on

These commands will enable the ASA to start sending syslog messages to the syslog server. For more information on logging commands you may refer to this URL:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008010578b.html#1028090

----------------------------------------------------------------------------------

Trap levels

.0-emergencies-System unusable messages

.1-alerts-Take immediate action

.2-critical-Critical condition

.3-errors-Error message

.4-warnings-Warning message

.5-notifications-Normal but significant condition

.6-informational-Information message

.7-debugging-Debug messages and log FTP commands and WWW URLs

Do rate helpful posts.

Regards,

Sushil

New Member

Re: ASA 5505 log

Does logging on = logging enabled?

Cisco Employee

Re: ASA 5505 log

Yes.

Silver

Re: ASA 5505 log

".7-debugging-Debug messages and log FTP commands and WWW URLs"

I thought "logging trap 6" will allow you to log WWW URLs.

The other thing is that with Linux syslog, it allows you the ability to use "grep", sed and awk, with which you can parse and filter syslog in "real-time" to track down whatever you want to see. Can Kiwi Syslog do that?
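
The real-time grep/awk filtering suggested in this thread, written out as an added example (not code from any poster): it matches an ASA connection endpoint by exact IP and optional port, which a plain "grep x.x.x.x" does not do. The names asa_filter and sample_log are hypothetical, the log lines are constructed samples, and /var/log/router.log is the path assumed in the reply above.

```shell
#!/bin/sh
# asa_filter IP [PORT]
# Reads ASA syslog lines on stdin and prints only those that contain an
# endpoint written as ifname:IP/PORT or IP/PORT matching IP (and PORT, if
# given) exactly. Plain "grep 192.168.1.10" also matches 192.168.1.100.
asa_filter() {
    awk -v ip="$1" -v port="${2:-}" '
    {
        n = split($0, tok, /[ \t()]+/)        # words, parentheses removed
        for (i = 1; i <= n; i++) {
            t = tok[i]
            sub("^[^:]*:", "", t)              # drop the "ifname:" prefix
            sub("[,;]$", "", t)                # drop trailing punctuation
            if (split(t, ep, "/") != 2) continue
            if (ep[1] == ip && (port == "" || ep[2] == port)) {
                print
                fflush()                       # keep output live behind tail -f
                next
            }
        }
    }'
}

# Constructed sample lines (not taken from the thread).
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 asa %ASA-6-302013: Built inbound TCP connection 1001 for outside:203.0.113.5/51234 (203.0.113.5/51234) to inside:192.168.1.10/25 (192.168.1.10/25)
Mar  3 10:15:02 asa %ASA-4-106023: Deny tcp src outside:198.51.100.7/40000 dst inside:192.168.1.10/3389 by access-group "outside_access_in" [0x0, 0x0]
Mar  3 10:15:03 asa %ASA-4-106023: Deny tcp src outside:198.51.100.7/40001 dst inside:192.168.1.100/3389 by access-group "outside_access_in" [0x0, 0x0]
Mar  3 10:15:04 asa %ASA-6-302013: Built inbound TCP connection 1002 for outside:203.0.113.9/2525 (203.0.113.9/2525) to inside:192.168.1.10/2525 (192.168.1.10/2525)
EOF
}

# Live use, with the log path assumed in the reply above:
#   tail -f /var/log/router.log | asa_filter 192.168.1.10 3389
sample_log | asa_filter 192.168.1.10 3389
```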
