07-28-2009 08:46 AM - edited 03-11-2019 09:00 AM
ASA 8.0 ASDM 6.1
Just for clarification, if an ACL entry has the logging field set for "informational", both permitted and denied traffic to that destination IP will be logged and/or viewable in the real-time monitor, correct? How about the hit counter for that specific entry? Does the counter reflect how many times a packet met the rule and was permitted, denied, or a combination of both? Below is the ACE in question, but my question is in general.
access-list LGC-IN extended permit tcp any host 162.109.77.21 eq smtp log
access-list LGC-IN extended permit tcp any host 162.109.77.21 eq https log
07-28-2009 12:45 PM
When you apply logging to an ACL it will log at the Informational level (and be visible in the ASDM monitor). The hit counter will increase each time a packet hits the rule, but only for what the rule is configured. Typically you don't log permits, it doesn't make much sense since you trust that traffic. You can do it, you just need the specific rule in your ACL.
Hope that helps.
07-29-2009 04:57 AM
Hi Colin,
The goal of logging the permits was to verify certain traffic was coming through.
Based on the rules I set up:
access-list LGC-IN extended permit tcp any host 162.109.77.21 eq smtp log
access-list LGC-IN extended permit tcp any host 162.109.77.21 eq https log
I should be seeing the permits logged, sound right?
07-29-2009 05:06 AM
Yes you should. Make sure there is not a more permissive permit above these.
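The ordering check suggested in the reply above, as an added example that is not part of the original thread: because the ASA stops at the first matching ACE, a logged entry that sits below a broader entry never gets hits or log messages. The sketch assumes a simplified ACE grammar (`any`, `host IP`, `IP MASK`, optional `eq PORT`); the function names and the first line of the sample config are constructed for illustration.

```python
import ipaddress

PORTS = {"smtp": 25, "https": 443, "www": 80}  # small subset of ASA port keywords

def _addr(tok):
    """Consume one address spec; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]  # IP + netmask

def parse_ace(line):
    # access-list NAME extended ACTION PROTO SRC DST [eq PORT] [log ...]
    t = line.split()
    ace = {"acl": t[1], "action": t[3], "proto": t[4], "line": line, "port": None}
    ace["src"], rest = _addr(t[5:])
    ace["dst"], rest = _addr(rest)
    if rest[:1] == ["eq"]:
        ace["port"] = PORTS.get(rest[1]) or int(rest[1])
        rest = rest[2:]
    ace["log"] = "log" in rest
    return ace

def covers(a, b):
    """True if every packet matching ACE b also matches earlier ACE a."""
    return (a["acl"] == b["acl"]
            and a["proto"] in ("ip", b["proto"])
            and b["src"].subnet_of(a["src"])
            and b["dst"].subnet_of(a["dst"])
            and a["port"] in (None, b["port"]))

def shadowed_logged_aces(config):
    """Return (logged ACE, earlier ACE that matches first) pairs."""
    aces = [parse_ace(l) for l in config.splitlines() if l.startswith("access-list ")]
    findings = []
    for i, b in enumerate(aces):
        hit = next((a for a in aces[:i] if covers(a, b)), None)
        if b["log"] and hit:
            findings.append((b["line"], hit["line"]))
    return findings

# Constructed sample: line 1 is invented; lines 2-3 are the ACEs from the thread.
SAMPLE = """\
access-list LGC-IN extended permit tcp any 162.109.77.0 255.255.255.0 eq smtp
access-list LGC-IN extended permit tcp any host 162.109.77.21 eq smtp log
access-list LGC-IN extended permit tcp any host 162.109.77.21 eq https log
"""

if __name__ == "__main__":
    for logged, earlier in shadowed_logged_aces(SAMPLE):
        print(f"never reached: {logged}\n  matched first by: {earlier}")
```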
07-29-2009 05:33 AM
Good point. Thanks for your help.