
Log Access List - External syslog

darkbeatzz
Level 1

Hi All,

Has anyone ever set up their ASA to log to an external server what traffic is flowing through access-lists?

I don't want to have to analyse the traffic with capture as I would prefer to let the logs build up over a couple of weeks.

I want to harden the rule base as IP is allowed between various networks. To achieve this successfully I want to log the access-lists externally so I don't miss any tcp/udp ports etc.

Thanks

5 Replies

do these steps

1) logging on

2) logging list test message 106100

3) logging trap test

4) logging host <> x.x.x.x

106100 gives you ports and protocols for the permitted traffic. I have tried this config by having an "access-list inside permit ip any any log" to analyze what kind of traffic is traversing the firewall.

You can find the complete list of syslog message numbers here

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/syslog.html

HTH

Vikram

Thanks Vikram.

Does test in this command refer to an access-list called test?

Let me be more clear.

Does the logging analyse all access-lists on the firewall, or can I specifically monitor each ACL?

Thanks

The "test" is like a filter for what messages one wants to see on the syslog server.

The link below should help you understand better

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924

darkbeatz,

You can add the keyword "log" to any number of ACEs in your ACL and analyze it on the syslog.

HTH

Vikram

Superb thank you.
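Once the 106100 messages have built up on the syslog server, they can be reduced to a per-ACL list of protocols and destination ports, which is the input needed to replace a broad "permit ip" entry with specific ones. The script below is an added example, not part of any post in this thread: the sample log lines are constructed, the names `parse_106100` and `summarize` are hypothetical, and it assumes the message layout `access-list <name> <action> <protocol> <if>/<ip>(<port>) -> <if>/<ip>(<port>) hit-cnt <n>`, skipping any line that does not match.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed 106100 layout (not real traffic).
SAMPLE_LOG = """\
Mar 03 10:15:01 fw1 %ASA-6-106100: access-list inside permitted tcp inside/10.1.1.20(51515) -> dmz/192.168.5.10(443) hit-cnt 1 (first hit)
Mar 03 10:15:04 fw1 %ASA-6-106100: access-list inside permitted tcp inside/10.1.1.21(51890) -> dmz/192.168.5.10(443) hit-cnt 1 (first hit)
Mar 03 10:15:09 fw1 %ASA-6-106100: access-list inside permitted udp inside/10.1.1.20(53001) -> outside/192.0.2.53(53) hit-cnt 3 (300-second interval)
Mar 03 10:16:12 fw1 %ASA-6-106100: access-list dmz_in denied tcp dmz/192.168.5.10(40000) -> inside/10.1.1.5(3389) hit-cnt 1 (first hit)
Mar 03 10:16:30 fw1 %ASA-6-302013: Built outbound TCP connection 1234 for outside:192.0.2.80/80 (192.0.2.80/80) to inside:10.1.1.20/51600 (10.1.1.20/51600)
"""

# The severity digit is matched loosely because the level of a message can be changed.
MSG_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<src_if>[^/\s]+)/(?P<src_ip>[^(\s]+)\((?P<src_port>\d+)\) -> "
    r"(?P<dst_if>[^/\s]+)/(?P<dst_ip>[^(\s]+)\((?P<dst_port>\d+)\) "
    r"hit-cnt (?P<hits>\d+)"
)

def parse_106100(line):
    """Return the fields of one 106100 message as a dict, or None for any other line."""
    m = MSG_106100.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "hits"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines, action="permitted"):
    """Sum hit counts per (ACL, protocol, dst interface, dst address, dst port)."""
    flows = Counter()
    for line in lines:
        rec = parse_106100(line)
        if rec and rec["action"] == action:
            key = (rec["acl"], rec["proto"], rec["dst_if"], rec["dst_ip"], rec["dst_port"])
            flows[key] += rec["hits"]
    return flows

if __name__ == "__main__":
    # Busiest destinations first: candidates for explicit permit entries.
    for (acl, proto, dst_if, dst_ip, port), hits in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{acl:10} {proto:4} -> {dst_if}/{dst_ip}:{port:<6} hits={hits}")
```

Grouping on the ACL name keeps each access-list's traffic separate, and the source port is left out of the key because client ports are ephemeral and would split one service into many rows.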
