Cisco Support Community
New Member

Cisco ASA ACE logging

I use a Cisco ASA 5520 with version 8.2(2)

What I want to do is to log some of the ACEs configured.

How it works:

# logging enable

# logging trap informational

# logging host inside x.x.x.x

# access-list inside_access_in extended permit ip any any log

=> This gives me the 6-106100 message for every hit of this ACE
Now the problem:
I want to have the same 6-106100 message for this ACE even if I configure logging trap to errors:

# logging trap errors

# access-list inside_access_in extended permit ip any any log errors

In this case my syslog server does not get these 6-106100 messages. But why?

Changing the severity of this message does not work either:

# logging message 106100 level errors

INFO: Please use the access-list command to change the severity level of this syslog

I did not find any way to have these 6-106100 messages sent to my syslog server if the logging trap command is set to anything lower than informational.
Any ideas?

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Cisco ASA ACE logging

Pls. remove that acl line and then put it back again with the changed logging level.

It will work and show you 106100 in error level.

The reason is that when the log is hit for that traffic and when you change the level it doesn't take the newly changed level until traffic stops flowing matching the acl.

-KS
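As an added example (not code from the thread, from Cisco, or from the ASA), here is a small Python checker for the receiving side: it parses %ASA-x-106100 lines as a syslog server would see them, applies the `logging trap` severity filter, and flags ACE hits that are still being logged at a severity different from the one now configured on the ACE, which is the stale-level symptom the accepted answer describes. The hostname, timestamps, addresses and ACL name in the sample lines are constructed; the 106100 field layout (ACL name, action, protocol, interface/address(port) pairs, hit count, interval) follows the documented format of that message.

```python
import re
from dataclasses import dataclass
from typing import Optional

# ASA syslog severity names, as used by "logging trap <level>" and
# "access-list ... log <level>". Lower number = more severe.
SEVERITY_LEVELS = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}

# Field layout of message 106100. The trailing hash codes are ignored.
ACE_LOG_RE = re.compile(
    r"%ASA-(?P<severity>\d)-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src>[^\s(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst>[^\s(]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+) (?P<interval>first hit|\d+-second interval)"
)

# Constructed sample: two hits still logged at level 6 (stale, before the ACE
# was removed and re-added), two hits at level 3 (after), and one unrelated
# message that is not 106100 at all.
SAMPLE_LOG = """\
Mar 12 10:15:03 asa1 %ASA-6-106100: access-list inside_access_in permitted tcp inside/10.1.1.5(34567) -> outside/192.0.2.10(443) hit-cnt 1 first hit [0x8ac1e2b4, 0x0]
Mar 12 10:15:08 asa1 %ASA-6-106100: access-list inside_access_in permitted tcp inside/10.1.1.5(34567) -> outside/192.0.2.10(443) hit-cnt 12 300-second interval [0x8ac1e2b4, 0x0]
Mar 12 10:20:41 asa1 %ASA-3-106100: access-list inside_access_in permitted udp inside/10.1.1.9(5353) -> outside/192.0.2.20(53) hit-cnt 1 first hit [0x1f3a9c00, 0x0]
Mar 12 10:20:42 asa1 %ASA-3-106100: access-list inside_access_in denied tcp inside/10.1.1.7(51000) -> outside/192.0.2.30(23) hit-cnt 3 1-second interval [0x4b22d1e0, 0x0]
Mar 12 10:21:00 asa1 %ASA-4-106023: Deny tcp src outside:198.51.100.7/4444 dst inside:10.1.1.5/22 by access-group "outside_access_in"
"""


@dataclass
class AceLog:
    severity: int
    acl: str
    action: str
    proto: str
    src_if: str
    src: str
    sport: int
    dst_if: str
    dst: str
    dport: int
    hits: int
    interval: str


def level_number(level) -> int:
    """Accept either a severity name ("errors") or a number (3)."""
    if isinstance(level, int):
        return level
    return SEVERITY_LEVELS[level.lower()]


def parse_ace_log(line: str) -> Optional[AceLog]:
    """Parse one syslog line; return None for anything that is not a 106100 message."""
    m = ACE_LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return AceLog(
        severity=int(d["severity"]), acl=d["acl"], action=d["action"],
        proto=d["proto"], src_if=d["src_if"], src=d["src"], sport=int(d["sport"]),
        dst_if=d["dst_if"], dst=d["dst"], dport=int(d["dport"]),
        hits=int(d["hits"]), interval=d["interval"],
    )


def passes_trap_filter(severity: int, trap_level) -> bool:
    """ASA forwards a message to syslog hosts only if its severity is at or
    above (numerically <=) the configured "logging trap" level."""
    return severity <= level_number(trap_level)


def audit_ace_logging(log_text: str, acl: str, ace_level, trap_level) -> dict:
    """Count, for one ACL, what the syslog server will actually receive, what
    the trap filter drops, and how many hits still carry a severity other than
    the level configured on the ACE (the stale-level symptom from the thread)."""
    result = {"delivered": 0, "dropped_by_trap": 0, "stale_level": 0, "other": 0}
    for line in log_text.splitlines():
        ev = parse_ace_log(line)
        if ev is None or ev.acl != acl:
            result["other"] += 1
            continue
        if ev.severity != level_number(ace_level):
            result["stale_level"] += 1
        if passes_trap_filter(ev.severity, trap_level):
            result["delivered"] += 1
        else:
            result["dropped_by_trap"] += 1
    return result


if __name__ == "__main__":
    print(audit_ace_logging(SAMPLE_LOG, "inside_access_in", "errors", "errors"))
```

With the ACE set to `log errors` and `logging trap errors`, the two hits still tagged level 6 are counted as stale and dropped by the trap filter, which is exactly the state the original poster saw; once the ACE has been re-added, new hits arrive at level 3 and are delivered. Running the same audit against a live syslog feed after a level change is a quick way to confirm the new level has actually taken effect before relying on it.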

5 REPLIES
Cisco Employee

Re: Cisco ASA ACE logging

Maybe you want to try to change the default interval to 1 second on the access-list.

access-list inside_access_in extended permit ip any any log errors interval 1

Probably just test logging to buffer and see if you are seeing those messages:


logging buffered errors

logging buffer-size 10000

New Member

Re: Cisco ASA ACE logging

No, still the same

If I use

#access-list inside-clients_access_in extended permit ip any any log interval 1

(which defaults to informational) then I can see the 106100 messages

If I use

#access-list inside-clients_access_in extended permit ip any any log errors interval 1

I cannot see the 106100 messages (neither with 'logging buffered informational' nor with 'logging buffered errors')

Cisco Employee

Re: Cisco ASA ACE logging

Sounds like a bug to me.


New Member

Re: Cisco ASA ACE logging

Thanks to kusankar

Now I'm able to log these 106100 messages even if trap severity is set to error.

It's just a little bit annoying to first have to remove an ACL line and then put it back again. During this time I may lose some connections because of the missing ACL line (even if it's just a few seconds).

Thanks

Patrik
