I am sending the informational log,specifically the message id302013 of cisco ASA to syslog server. I am only concern about the built in message created from outside to inside direction. Is it possible through configuration so that I can only receive traffic in syslog sevrer that flow from outside to inside zone.
So you just want to have outbound connections being logged? That message wont work neither the build local-host. I dont think there is a way to do that. You can always submit a enhacement request to a Cisco Account manager. Thinking it a little bit you can try the following workaround:
What you can do is to set an ACL with a normal permit IP any any with the log keyword at the end and place it on the Interface for example inside on the inbound direction. I will log every attempt to estalish a connection outbound the ASA, then you can set the logging level for that and send it to the syslog server.
I tried to do so but I faced another problem. I set the log keyword at the end of ACL that is being applied to outside zone interface and configured FW to send only the message id 106100 to syslog server but enabling log gives some irrelevant traffic log. It catches the 1st response packet of traffic that is actually initiated from inside to outside direction which ideally should not happen caz return traffic goes via existing session. I have users in inside zone which connect to proxy server in outside zone. In case of proxy, the connection always bulit up by the user, not by the proxy server, but i get traffic log for those packets also that is replied by proxy( source port is known proxy port & destination ip is user's machine IP address and port is always unknown destination port). To make sure whether this packet initiated by the proxy server, I started capture log for both message ids 106100 & 302013 and found none of the build in message is generated after getting log for permitted message(getting generated by106100).So in case build in message is not getting generating, it is not proxy initiated traffic. I don;t know what is going on.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :