Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Firewall log

I have an ASA whose end of access list for a group doesnt showup the implicit deny ip any line.I believe this is by implicit built in, but it doesnt show up in config.Does this require to be added in manually at the end of acl & should it be appended with log keyword to show up logs of denial?

Would the traffic that is being permitted be shown in logs(sh log asdm).Iam trying to work on a case but when access is tested (which is permitted) i dont see anything with this command, but i can see the connection table for this in connections?

Please suggest.

Community Member

Re: Firewall log

1) You only need no manualy add the deny any any to see the counter of all filtered traffic. (I do that)

2) You can see permited and denied traffic using log in debug or informational mode

logging enable

logging timestamp

logging buffer-size 1048576

logging buffered informational

And use sh log to see it.


Please rate all the helpful comments.

CreatePlease to create content