FWSM - ACL Deny with log command not shown in show logging
We are running FWSM version 4.1.11. We have configured deny ACEs with the log command at the end of the ACL, but when we give show logging, there are no deny ACL logs at all; it shows only the system logs. We verified by changing the logging buffered level to informational/notifications/debugging and still could not see any denies against the ACL. When we give show access-list <acl-name> we can see the hit counts increasing. However, when we checked with ASDM real-time monitoring (debugging) we could see those denies against the configured ACL.
Can some experts please advise me on this: why do we not see any deny logs against the ACL, and why are they not shown even with the deny log command? I'm not sure whether we are hitting a bug, because on another FWSM running 4.0.12 I can see some deny logs against the ACL even without the log command at the end of the ACL.
Re: FWSM - ACL Deny with log command not shown in show logging
We have an FWSM running 4.1, but not the exact version you have.
I have never run into this problem.
I also didn't find any existing bug on the Cisco site that could explain this.
Generally, the very basic configuration needed to show all connection attempts that are getting blocked by an interface ACL would be to set the logging level to notifications for the destination you are looking at:
trap = to Syslog server
asdm = to ASDM
buffered = to log buffer
logging trap notifications
logging asdm notifications
logging buffered notifications
To show connection building and teardown messages you would need informational level (which of course still includes the Deny messages shown at notifications level):
logging asdm informational
logging buffered informational
What kind of logging configuration do you have? Can you share your "show run logging" output?
Provided the configuration is correct, I would imagine that it's something that would need to be looked at by Cisco TAC.
I generally avoid looking at logs through the buffer on the CLI. Usually this is because there might be so many logs generated at one moment that many logs simply don't show in the buffer, because they have already been overwritten by other logs. Of course I could increase the buffer size, but I'd rather not. I usually gather them from our Syslog server or use ASDM for real-time monitoring while troubleshooting a customer problem.
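As an added example (not from either poster), here is a small checker for the "show run logging" output requested above: it parses the per-destination levels (buffered, trap, asdm) and reports which destinations are set high enough to capture messages of a given severity, such as the notifications level the reply recommends for ACL denies. The sample configuration is constructed for the example; the acceptance of both "logging enable" and the older "logging on" syntax is an assumption.

```python
# Syslog severity keywords accepted by the ASA/FWSM "logging <destination> <level>" commands.
SEVERITY = {
    "emergencies": 0, "alerts": 1, "critical": 2, "errors": 3,
    "warnings": 4, "notifications": 5, "informational": 6, "debugging": 7,
}
# Logging destinations whose command takes a severity level as its only argument.
DESTINATIONS = ("buffered", "trap", "asdm", "console", "monitor")


def parse_logging_levels(show_run_logging):
    """Return {destination: numeric level} from 'show run logging' text.

    Accepts the keyword form (logging buffered notifications) and the numeric
    form (logging asdm 6). Other logging commands (host, timestamp, ...) are ignored.
    """
    levels = {}
    for line in show_run_logging.splitlines():
        parts = line.strip().split()
        if len(parts) == 3 and parts[0] == "logging" and parts[1] in DESTINATIONS:
            level = parts[2]
            if level.isdigit() and 0 <= int(level) <= 7:
                levels[parts[1]] = int(level)
            elif level in SEVERITY:
                levels[parts[1]] = SEVERITY[level]
    return levels


def logging_enabled(show_run_logging):
    # Assumption: "logging enable" (ASA syntax) or "logging on" (older PIX/FWSM syntax).
    return any(line.strip() in ("logging enable", "logging on")
               for line in show_run_logging.splitlines())


def destinations_capturing(show_run_logging, required_level):
    """Destinations whose configured level includes messages of the given severity.

    A destination at level N shows every message of severity N or lower (more severe),
    so a deny message at notifications (5) needs a destination level of at least 5.
    """
    if not logging_enabled(show_run_logging):
        return set()
    return {dest for dest, lvl in parse_logging_levels(show_run_logging).items()
            if lvl >= required_level}


# Constructed sample: buffer too low to show denies, trap and asdm high enough.
SAMPLE = """\
logging enable
logging timestamp
logging buffered errors
logging trap notifications
logging asdm 6
logging host inside 192.0.2.10
"""
```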