Cisco Support Community

New Member

ASA 5520 - Security Audit

Hello,

I would like to pull a report for the last 24 hours of all external connection attempts to our ASA. I went into Monitoring via the ASDM (7.1) and changed the logging level to "Informational"; however, I do not see anything coming in. It only seems to be showing my internal going out. Could someone please supply me with some information or direction on where I could find documents for this?

Thanks,

Greg

2 ACCEPTED SOLUTIONS

Accepted Solutions
Silver

ASA 5520 - Security Audit

The ASA has a logging buffer that by default is short; it is expected that if you are monitoring traffic to or through the ASA you configure a Syslog server, since past events are not saved to disk unless specified.

Value our effort and rate the assistance!

ASA 5520 - Security Audit

Hello Gregory

My recommendation for this is to leverage the UDP Syslog packets to an external device so you can save memory on the ASA for different traffic.

Note: You should consider Netflow as it will provide you granularity, and also, depending on the vendor software, they will build reports, etc. on their own with the data sent to the collector.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Looking for some Networking Assistance? Contact me directly at jcarvaja@laguiadelnetworking.com I will fix your problem ASAP. Cheers, Julio Carvajal Segura http://laguiadelnetworking.com
New Member

ASA 5520 - Security Audit

Thanks guys,

I actually did set up a syslog server thinking that was going to be the ticket but wasn't 100% sure. I will take a look at Netflow options down the road.

New Member

ASA 5520 - Security Audit

Guys, 

I have a Syslog up and running but am finding I'm not really getting the information I was expecting. I was thinking I would see numerous denied attempts to, say, port 3389, 23, or other well-known ports, but really I'm pretty much just seeing a lot of "Teardown connections", "Built connections", "Access List permitted", and some random "Deny TCP (no connection)". Now I think the Deny TCP (no connection) may be what I'm looking for, but I really expected to see quite a bit more of this type of traffic? I figured I'd pick up some port scanning attempts or something; maybe it's there and I just am not viewing it correctly, or maybe I'm looking in the wrong place? Maybe I'm just expecting more negative than I should be. Any thoughts?

Thanks,

Greg

ASA 5520 - Security Audit

Hello Greg,

So you are not seeing any Deny ACL???

Look for log ID 106023



Regards,

Jcarvaja
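
One way to pull the ACL-denied inbound attempts (log ID 106023, mentioned above) out of the syslog server's file and see how they compare with the Built/Teardown noise. This is an added example, not part of the original thread; the interface name `outside`, the ACL name and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# 106023 = packet denied by an interface ACL (access-group).
DENY_RE = re.compile(
    r'%ASA-\d-106023: Deny (?P<proto>\S+) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)(?:/(?P<src_port>\d+))? '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)(?:/(?P<dst_port>\d+))?'
    r'.*? by access-group "(?P<acl>[^"]+)"')
MSG_ID_RE = re.compile(r'%ASA-\d-(\d{6}):')

# Constructed sample lines using documentation addresses, not captured traffic.
SAMPLE = '''\
Mar 03 10:01:12 fw1 %ASA-6-302013: Built outbound TCP connection 4411 for outside:203.0.113.80/443 (203.0.113.80/443) to inside:10.0.0.15/50211 (192.0.2.1/50211)
Mar 03 10:01:14 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.7/40112 dst inside:192.0.2.10/3389 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 10:01:15 fw1 %ASA-4-106023: Deny tcp src outside:198.51.100.7/40113 dst inside:192.0.2.10/23 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 10:01:16 fw1 %ASA-6-302014: Teardown TCP connection 4411 for outside:203.0.113.80/443 to inside:10.0.0.15/50211 duration 0:00:02 bytes 5120 TCP FINs
Mar 03 10:01:20 fw1 %ASA-6-106015: Deny TCP (no connection) from 198.51.100.20/443 to 192.0.2.1/50333 flags RST on interface outside
Mar 03 10:02:01 fw1 %ASA-4-106023: Deny tcp src outside:203.0.113.45/51000 dst inside:192.0.2.10/3389 by access-group "outside_access_in" [0x0, 0x0]
Mar 03 10:02:05 fw1 %ASA-4-106023: Deny icmp src outside:198.51.100.9 dst inside:192.0.2.10 (type 8, code 0) by access-group "outside_access_in" [0x0, 0x0]
'''.splitlines()


def summarize(lines, outside_if="outside"):
    """Count message IDs, and ACL-denied packets that arrived on outside_if."""
    ids = Counter()      # every ASA message ID seen (shows the overall mix)
    by_port = Counter()  # (protocol, destination port) of denied packets
    by_src = Counter()   # source addresses of denied packets
    for line in lines:
        m = MSG_ID_RE.search(line)
        if not m:
            continue  # not an ASA message
        ids[m.group(1)] += 1
        d = DENY_RE.search(line)
        if d and d["src_if"] == outside_if:
            by_port[(d["proto"], d["dst_port"])] += 1  # port is None for ICMP
            by_src[d["src_ip"]] += 1
    return ids, by_port, by_src


if __name__ == "__main__":
    ids, by_port, by_src = summarize(SAMPLE)
    print("message mix:", dict(ids))
    for (proto, port), n in by_port.most_common():
        print(f"denied {proto}/{port}: {n}")
    for ip, n in by_src.most_common():
        print(f"{ip}: {n} denied packets")
```

To run it against the real syslog file, pass an open file object to `summarize()` in place of `SAMPLE`.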
