
Logging and the hit counter

oneirishpollack
Level 1

ASA 8.0 ASDM 6.1

Just for clarification, if an ACL entry has the logging field set for "informational", both permitted and denied traffic to that destination IP will be logged and/or viewable in the real-time monitor, correct? How about the hit counter for that specific entry? Does the counter reflect how many times a packet met the rule and was permitted, denied, or a combination of both? Below is the ACE in question, but my question is in general.

access-list LGC-IN extended permit tcp any host 162.109.77.21 eq smtp log

access-list LGC-IN extended permit tcp any host 162.109.77.21 eq https log

4 Replies

Collin Clark
VIP Alumni

When you apply logging to an ACL it will log at the Informational level (and visible in ASDM monitor). The hit counter will increase each time a packet hits the rule, but only for what the rule is configured. Typically you don't log permits; it doesn't make much sense since you trust that traffic. You can do it, you just need the specific rule in your ACL.

Hope that helps.

Hi Collin,

The goal of logging the permits was to verify certain traffic was coming through.

Based on the rules I set up:

access-list LGC-IN extended permit tcp any host 162.109.77.21 eq smtp log

access-list LGC-IN extended permit tcp any host 162.109.77.21 eq https log

I should be seeing the permits logged, sound right?

Yes you should. Make sure there is not a more permissive permit above these.

Good point. Thanks for your help.
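An added example, not part of the thread: one way to confirm from exported syslog that the two `log` ACEs are matching, by tallying the `hit-cnt` values in ACL log messages (syslog ID 106100) for the ACL and host discussed above. The log lines are constructed, the source addresses are documentation-range placeholders, and the function names `tally_hits` and `missing_permits` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog 106100 layout; only the ACL name and
# 162.109.77.21 come from the thread. The "denied" line assumes a deny ACE with
# "log" also exists in the ACL (the implicit deny does not produce 106100).
SAMPLE_LOG = """\
Mar 01 10:00:01 fw %ASA-6-106100: access-list LGC-IN permitted tcp outside/198.51.100.7(41022) -> inside/162.109.77.21(25) hit-cnt 1 (first hit)
Mar 01 10:00:09 fw %ASA-6-106100: access-list LGC-IN permitted tcp outside/203.0.113.9(50311) -> inside/162.109.77.21(443) hit-cnt 1 (first hit)
Mar 01 10:05:01 fw %ASA-6-106100: access-list LGC-IN permitted tcp outside/198.51.100.7(41022) -> inside/162.109.77.21(25) hit-cnt 4 (300-second interval)
Mar 01 10:05:30 fw %ASA-6-106100: access-list LGC-IN denied tcp outside/203.0.113.9(50400) -> inside/162.109.77.21(23) hit-cnt 1 (first hit)
Mar 01 10:06:00 fw %ASA-6-302013: Built inbound TCP connection 77 for outside:198.51.100.7/41030 (198.51.100.7/41030) to inside:162.109.77.21/25 (162.109.77.21/25)
"""

# Tolerant of trailing text after hit-cnt (interval wording, hash codes).
ACL_LOG = re.compile(
    r"%ASA-\d-106100: access-list (?P<acl>\S+) (?P<action>permitted|denied|est-allowed) "
    r"(?P<proto>\S+) \S+/(?P<src>[\d.]+)\((?P<sport>\d+)\) -> "
    r"\S+/(?P<dst>[\d.]+)\((?P<dport>\d+)\) hit-cnt (?P<hits>\d+)"
)

def tally_hits(log_text, acl, dst):
    """Sum the reported hit-cnt per (action, destination port) for one ACL and host."""
    totals = Counter()
    for line in log_text.splitlines():
        m = ACL_LOG.search(line)
        if m and m["acl"] == acl and m["dst"] == dst:
            totals[(m["action"], int(m["dport"]))] += int(m["hits"])
    return totals

def missing_permits(totals, expected_ports):
    """Ports that should show logged permits but have none."""
    return sorted(p for p in expected_ports if totals[("permitted", p)] == 0)

if __name__ == "__main__":
    totals = tally_hits(SAMPLE_LOG, "LGC-IN", "162.109.77.21")
    for (action, port), hits in sorted(totals.items()):
        print(f"{action:9} tcp/{port:<5} logged hits: {hits}")
    print("no permits logged for ports:", missing_permits(totals, [25, 443]))
```

A port reported as missing means either no matching traffic arrived or an earlier ACE matched it first, which is the case raised in the last reply.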
