Cisco Support Community


Log Access List - External syslog

Hi All,

Has anyone ever set up their ASA to log to an external server what traffic is flowing through access-lists?

I don't want to have to analyse the traffic with capture, as I would prefer to let the logs build up over a couple of weeks.

I want to harden the rule base, as IP is allowed between various networks. To achieve this successfully I want to log the access-lists externally so I don't miss any TCP/UDP ports etc.

Thanks


5 REPLIES

Re: Log Access List - External syslog

Do these steps:

1) logging on

2) logging list test message 106100

3) logging trap test

4) logging host <> x.x.x.x

106100 gives you ports and protocols for the permitted traffic. I have tried this config by having an "access-list inside permit ip any any log" to analyze what kind of traffic is traversing the firewall.

You can find the complete list of syslog message numbers here:

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/syslog.html

HTH

Vikram


Re: Log Access List - External syslog

Thanks Vikram.

Does "test" in this command refer to an access-list called test?


Re: Log Access List - External syslog

Let me be more clear.

Does the logging analyse all access-lists on the firewall, or can I specifically monitor each ACL?

thanks

Re: Log Access List - External syslog (accepted solution)

The "test" is like a filter for what messages one wants to see on the syslog server.

The link below should help you understand better:

http://www.cisco.com/en/US/docs/security/asa/asa72/system/message/logmsgs.html#wp1279924

darkbeatz,

you can add the keyword "log" to any number of ACEs in your ACL and analyze it on the syslog.

HTH

Vikram
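To make the two replies above concrete (the four logging commands, and the `log` keyword on an ACE), here is an added example that is not part of this thread and not Cisco's code. It assumes the ASA configuration quoted at the top of the script (the interface name `inside`, the list name `aclhits` and the collector address 192.0.2.50 are assumptions), parses a few constructed 106100 syslog lines as a collector would receive them, sums the hit counts per flow, and turns the permitted flows into a candidate list of explicit ACEs, which is what the original question is after.

```python
"""Summarise Cisco ASA 106100 access-list hits into candidate ACEs.

Added example for this thread, not Cisco's code. It assumes the ASA is
configured as below (the interface name 'inside', the list name 'aclhits'
and the collector 192.0.2.50 are assumptions; the thread's 'logging on'
is the older spelling of 'logging enable'):

    logging enable
    logging list aclhits message 106100
    logging trap aclhits
    logging host inside 192.0.2.50
    access-list inside extended permit ip any any log
"""
import re
from collections import defaultdict

# Documented layout of message 106100, the message the thread enables:
#   %ASA-6-106100: access-list acl_ID {permitted | denied | est-allowed}
#       protocol interface_name/source_address(source_port) ->
#       interface_name/dest_address(dest_port) hit-cnt number
#       ({first hit | number-second interval}) [hash codes]
# For icmp the values in parentheses are the ICMP type and code, not ports.
_MSG_106100 = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) "
    r"(?P<action>permitted|denied|est-allowed) (?P<proto>\S+) "
    r"(?P<sif>[^/\s]+)/(?P<src>[^(\s]+)\((?P<sport>\d+)\) -> "
    r"(?P<dif>[^/\s]+)/(?P<dst>[^(\s]+)\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+) (?P<interval>first hit|\d+-second interval)"
)

# Constructed sample lines, as a syslog collector might store them.
SAMPLE_LINES = [
    "Jan 12 2009 10:01:03: %ASA-6-106100: access-list inside permitted tcp "
    "inside/10.1.1.5(49152) -> outside/192.0.2.10(443) hit-cnt 1 first hit [0x8c8f7a3e, 0x0]",
    "Jan 12 2009 10:06:03: %ASA-6-106100: access-list inside permitted tcp "
    "inside/10.1.1.5(49153) -> outside/192.0.2.10(443) hit-cnt 17 300-second interval [0x8c8f7a3e, 0x0]",
    "Jan 12 2009 10:06:10: %ASA-6-106100: access-list inside permitted udp "
    "inside/10.1.1.5(55000) -> dmz/10.2.0.53(53) hit-cnt 1 first hit [0x1f2e3d4c, 0x0]",
    "Jan 12 2009 10:06:12: %ASA-6-106100: access-list inside permitted icmp "
    "inside/10.1.1.5(8) -> dmz/10.2.0.53(0) hit-cnt 1 first hit [0x5a6b7c8d, 0x0]",
    "Jan 12 2009 10:07:00: %ASA-6-106100: access-list outside denied tcp "
    "outside/203.0.113.9(3344) -> inside/10.1.1.5(23) hit-cnt 1 first hit [0x9e8d7c6b, 0x0]",
    "Jan 12 2009 10:07:05: %ASA-6-302013: Built outbound TCP connection 12345 for "
    "outside:192.0.2.10/443 (192.0.2.10/443) to inside:10.1.1.5/49154 (10.1.1.5/49154)",
]


def parse_106100(line):
    """Return the fields of one 106100 message as a dict, or None for anything else."""
    m = _MSG_106100.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("sport", "dport", "hits"):
        rec[k] = int(rec[k])
    return rec


def summarize(lines):
    """Sum hit counts per (acl, action, proto, src, dst, service).

    'service' is the destination port for tcp/udp and the ICMP type for icmp;
    the ephemeral source port is dropped so one client does not fragment the
    summary. hit-cnt is summed rather than lines counted, because after the
    first hit the ASA folds repeated matches of a flow into one
    'N-second interval' message (300 seconds by default).
    """
    totals = defaultdict(int)
    for line in lines:
        rec = parse_106100(line)
        if rec is None:
            continue
        service = rec["sport"] if rec["proto"] == "icmp" else rec["dport"]
        key = (rec["acl"], rec["action"], rec["proto"], rec["src"], rec["dst"], service)
        totals[key] += rec["hits"]
    return dict(totals)


def suggest_aces(totals, min_hits=1):
    """Turn observed permitted flows into explicit host-to-host ACEs.

    This is a review list for replacing 'permit ip any any', not a config to
    paste blindly: denied flows and flows under min_hits are left out, and
    protocols other than tcp/udp/icmp get no service qualifier.
    """
    aces = []
    for (acl, action, proto, src, dst, service), hits in sorted(totals.items()):
        if action != "permitted" or hits < min_hits:
            continue
        if proto in ("tcp", "udp"):
            svc = f" eq {service}"
        elif proto == "icmp":
            svc = f" {service}"  # ICMP type number
        else:
            svc = ""
        aces.append(f"access-list {acl} extended permit {proto} host {src} host {dst}{svc}")
    return aces


if __name__ == "__main__":
    totals = summarize(SAMPLE_LINES)
    for key, hits in sorted(totals.items()):
        print(hits, *key)
    print("\n".join(suggest_aces(totals, min_hits=2)))
```

Two points the script relies on. 106100 is emitted at severity 6 (informational), so a plain `logging trap informational` would also deliver it, together with every other level-6 message; the message list in the reply above is what keeps the collector down to just the ACL hits. And `log` on a permit ip any any rule in a busy network produces a lot of syslog, with repeated matches of one flow folded into a single interval message, which is why the script sums hit-cnt and filters with min_hits instead of treating each line as one connection.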


Re: Log Access List - External syslog

Superb thank you.
