Network Processor 3 is a specific ASIC on the FWSM that is responsible to establish new connections, do ACL checks etc. There are 2 more processor that process packets of existing connections and there is also the PC unit which is practically the CPU that does sysloging and inspections.
First, what do you mean that I can't get the right reports from the syslog server?
Second, I don't want the denied actions. I need to get the traffic reports (Top Hosts, Top Destinations, Top Conversation, Top Protocols) going through the firewall. Why the FWSM can't send the all the logs to the syslog?
By "There is no config to get the "whole and right traffic reports from the FA"", I meant that right reports is too subjective. You define what the right reports are and you make sure your syslogs can give you those.
The FWSM can send all the logs to the syslog. It will increase the cpu if you log at the lowest syslog level (debugging), but you can do it. It is up to you to use these logs to generate reports.
I'm having a kind of simillar issue, in my FWSM (ver 4.1.11) when I give show logging nothing is seeing (deny) against ACLs but it see any other logs (sytem), I added the deny with log (informational) at last to get more specifically those logs but even then it still doesn't show. I checked this with configuring logging buffered notification/debugging etc but still does not show any deny logs against ACL.?
However in another fwsm running ver 4.0.12 I can see deny logs against ACL.?.
Not sure I'm missing something or hittting any bug on ver 4.1.11..?, appreciate if you can shed some lights on this..?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :