Cisco Support Community
New Member

isolate logs on an access-list on asa

Is it possible to isolate the logs of an access-list on the ASA?

ex.

access-list ACL permit ip host hostA host hostB

access-list ACL permit ip any any

Here, I want to know what traffic is flowing on the second line of my access-list (permit ip any any).

thanks

5 REPLIES
New Member

Re: isolate logs on an access-list on asa

Maybe something like:

access-list ACL permit ip host hostA host hostB log

access-list ACL permit ip any any log

But I'd rather put

access-list ACL permit tcp any any log

access-list ACL permit udp any any log

etc.

Hope it helps.

Cisco Employee

Re: isolate logs on an access-list on asa

Hi,

Put in the log option at the end of the ACL for which you want to log traffic.

access-list ACL permit ip any any log

Set up a syslog server to which the syslogs would be sent. There, you can search for "access-list" or "hitcnt" for the relevant syslogs explaining what traffic was permitted by the ACL.

Regards,

Sushil

Cisco Employee

Re: isolate logs on an access-list on asa

Here are the steps for setting up the syslog server.

First you would need to install syslog server software on one of the computers. You may download the popular Kiwi Syslog server from http://www.kiwisyslog.com/software_downloads.htm . It is listed as Kiwi Syslog Daemon and the latest version is 8.2.8. You may download the standard edition that runs as a program.

Once the syslog server is installed you will then need to log in to the ASA in configuration terminal mode and enter the following commands.

logging host [in_if_name] ip_address

(example: logging host inside 1.2.3.4

We are assuming the syslog server is installed on a computer with IP address 1.2.3.4 in the inside network.)

logging timestamp

logging trap 4

logging on

These commands will enable the ASA to start sending syslog messages to the syslog server.

For more information on logging commands you may refer to this URL:

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008010578b.html#1028090

----------------------------------------------------------------------------------

Trap levels

0 - emergencies - System unusable messages

1 - alerts - Take immediate action

2 - critical - Critical condition

3 - errors - Error message

4 - warnings - Warning message

5 - notifications - Normal but significant condition

6 - informational - Information message

7 - debugging - Debug messages and log FTP commands and WWW URLs

New Member

Re: isolate logs on an access-list on asa

hi,

So do I still need to put the log option after the ACE? I wanted only a particular ACE's logs to be sent to the syslog server...

thanks

Cisco Employee

Re: isolate logs on an access-list on asa

Yes, that is correct.

Please rate if helpful.

Regards,

Sushil.
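The following is an added example written for this thread, not code from any of the posters. It shows the other half of the advice above: once `log` is on the ACE, the ASA emits %ASA-6-106100 messages for that line, and a small parser on the syslog side can isolate them. Two practical points the replies leave implicit: the `log` keyword emits 106100 at severity 6 (informational) by default, so the `logging trap 4` from the setup reply would not forward those messages unless the trap level is raised to 6 or the ACE uses `log warnings`; and the first hash code at the end of each 106100 message is the per-ACE hash that `show access-list <name>` prints, so filtering on ACL name plus hash isolates one ACE even if several ACEs carry `log`. The ASA config in the docstring, the hash values, the addresses and the log lines are all constructed for this example.

```python
"""Isolate the syslog messages of a single ACE on a Cisco ASA.

Added example for the thread above; not code from the original posts.
With `log` set on an ACE, the ASA emits %ASA-6-106100 for each new flow
matching that ACE ("first hit") and then one summary per logging interval
(default 300 s). The first bracketed hash is the per-ACE hash that
`show access-list <name>` prints, so ACL name + hash selects one line.

Assumed ASA config (constructed; `log` on the second ACE only):
    access-list ACL permit ip host hostA host hostB
    access-list ACL permit ip any any log
    logging host inside 1.2.3.4
    logging timestamp
    ! 106100 is severity 6, so `logging trap 4` would not forward it
    logging trap informational
    logging on

All hash values, addresses and log lines below are constructed.
"""
import re
from collections import defaultdict

# Fields of the 106100 body. The window token is either "first hit" or
# "<N>-second interval"; the bracket holds the ACE hash and a second code.
LOG_RE = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<sif>[^/\s]+)/(?P<sip>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/\s]+)/(?P<dip>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+) (?P<window>first hit|\d+-second interval) "
    r"\[(?P<hash>0x[0-9a-fA-F]+), 0x[0-9a-fA-F]+\]"
)

# Constructed sample syslog lines. 0x2e0b4c7d is the (made-up) hash of
# "permit ip any any log"; 0x7a91f3e2 the hash of the hostA -> hostB ACE
# as it would log if `log` were added there too; OUTSIDE_IN is another ACL.
SAMPLE_LINES = [
    "Jan 10 12:00:01 asa1 : %ASA-6-106100: access-list ACL permitted tcp "
    "inside/10.1.1.20(51234) -> outside/203.0.113.7(443) hit-cnt 1 first hit [0x2e0b4c7d, 0x0]",
    "Jan 10 12:00:02 asa1 : %ASA-6-106100: access-list ACL permitted udp "
    "inside/10.1.1.20(40001) -> outside/203.0.113.53(53) hit-cnt 1 first hit [0x2e0b4c7d, 0x0]",
    "Jan 10 12:00:05 asa1 : %ASA-6-302013: Built outbound TCP connection 12345 for "
    "outside:203.0.113.7/443 (203.0.113.7/443) to inside:10.1.1.20/51234 (198.51.100.1/51234)",
    "Jan 10 12:00:09 asa1 : %ASA-6-106100: access-list ACL permitted tcp "
    "inside/10.1.1.5(33000) -> outside/198.51.100.10(22) hit-cnt 1 first hit [0x7a91f3e2, 0x0]",
    "Jan 10 12:00:30 asa1 : %ASA-6-106100: access-list OUTSIDE_IN denied tcp "
    "outside/192.0.2.9(4444) -> inside/10.1.1.20(22) hit-cnt 1 first hit [0x5d1c08aa, 0x0]",
    "Jan 10 12:05:01 asa1 : %ASA-6-106100: access-list ACL permitted tcp "
    "inside/10.1.1.20(51290) -> outside/203.0.113.7(443) hit-cnt 14 300-second interval [0x2e0b4c7d, 0x0]",
]


def parse_106100(line):
    """Return the 106100 fields as a dict, or None for any other message."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["hits"] = int(rec["hits"])
    rec["hash"] = rec["hash"].lower()
    return rec


def summarize(lines, acl, ace_hash=None):
    """Sum hit counts per (action, proto, src, dst, dport) for one ACL.

    With ace_hash given, only messages carrying that ACE hash are counted,
    which isolates one line of the ACL. Without it every logged ACE of the
    ACL is included; other ACLs and non-106100 messages are always skipped.
    """
    totals = defaultdict(int)
    for line in lines:
        rec = parse_106100(line)
        if rec is None or rec["acl"] != acl:
            continue
        if ace_hash is not None and rec["hash"] != ace_hash.lower():
            continue
        key = (rec["action"], rec["proto"], rec["sip"], rec["dip"], rec["dport"])
        totals[key] += rec["hits"]
    return dict(totals)


if __name__ == "__main__":
    # Traffic seen by "permit ip any any log" only (hash taken from show access-list).
    for flow, hits in sorted(summarize(SAMPLE_LINES, "ACL", ace_hash="0x2e0b4c7d").items()):
        print(f"{hits:5d}  {flow[0]} {flow[1]} {flow[2]} -> {flow[3]}:{flow[4]}")
```

Read the hash for the ACE of interest from `show access-list ACL` on the firewall and pass it as `ace_hash`; with `log` on only the second ACE, as the question intends, calling `summarize(lines, "ACL")` without a hash gives the same answer. The summary keys omit the source port so that the per-interval counts from many ephemeral ports collapse into one row per destination service.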
