05-24-2010 09:57 AM - edited 03-11-2019 10:49 AM
We currently receive syslogs (informational) for all connections but have recently deployed an auditing tool that requires that each ACL also be set to log. Is there a way to globally set all ACLs to log?
05-24-2010 10:22 AM
Hi,
Are you referring to an ASA?
In the ASA you can set the "log" keyword at the end of the statement to generate a log for that line. This must be done on all ACEs in the ACL.
Also, you can set the alert-interval for those logs (access-list alert-interval).
Federico.
05-24-2010 10:25 AM
Thank you for the reply. The issue that we are having is that we currently manage hundreds of ASAs, each with hundreds of ACEs per ACL. Is there a way to globally set each ACE to log without redoing every single ACL?
05-24-2010 10:30 AM
I don't think there's a way to globally enable logging for all the ACLs on the ASA itself, because you normally want to do this on specific ACEs.
However if you use Cisco Security Monitor you might be able to inject such a policy to all ASAs simultaneously.
Federico.
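For the per-ACE approach described in this thread, the added example below (not part of any post here) reads saved `show running-config access-list` output and emits each extended ACE with `log` placed before any trailing `time-range`/`inactive` options, skipping remarks, standard ACLs and ACEs that already log. The sample config, ACL names and function names are constructed for illustration, and it assumes that re-entering an existing ACE with `log` added updates that entry in place rather than creating a duplicate.

```python
import re

# Constructed sample of `show running-config access-list` output (not from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN remark web servers
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.11 eq 25 log
access-list OUTSIDE_IN extended deny ip any any log disable
access-list INSIDE_OUT extended permit udp 10.0.0.0 255.0.0.0 any eq 53 time-range WORKHOURS inactive
access-list SPLIT standard permit 10.1.0.0 255.255.0.0
"""

# Only extended permit/deny entries take the log keyword.
ACE_RE = re.compile(r"^access-list \S+ (?:line \d+ )?extended (?:permit|deny) ")
# Trailing options that have to stay after the log keyword.
TAIL_RE = re.compile(r"(?: time-range \S+)?(?: inactive)?$")


def add_log(line):
    """Return the ACE with `log` added, or None when no change is needed."""
    line = line.rstrip()
    if not ACE_RE.match(line):
        return None  # remark, standard ACL, or not an ACE at all
    tail = TAIL_RE.search(line)
    tokens = line[:tail.start()].split()
    if tokens[-2:] == ["log", "disable"]:
        tokens = tokens[:-1]  # logging was switched off: "log disable" -> "log"
    elif "log" in tokens[2:]:
        return None  # already logging (possibly with a level/interval)
    else:
        tokens.append("log")
    return " ".join(tokens) + tail.group(0)


def commands(config):
    """Config lines to review and paste (or push) to the device."""
    return [new for raw in config.splitlines() if (new := add_log(raw))]


if __name__ == "__main__":
    print("\n".join(commands(SAMPLE_CONFIG)))
```

Diffing the generated lines against the saved config before applying them shows exactly which ACEs change, including any where `log disable` had been set on purpose.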