Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Real-time Log Viewer filter not showing rule hits with ACL

Hello,

I'm running into this issue on an ASA 5520 running version 8.2(2)9 and ASDM version 6.2(1).

I have an ACL denying traffic to a certain IP range and the logging level set to Debugging.  The hit count is rising quite rapidly but when selecting "Show Log" the Real-Time Log Viewer opens with a value of 0x13d0ee2a in the "Filter By" field and no  logs are ever shown.

Logging is enabled globally and Logging Filters on ASDM is set to Debugging as well.

Any ideas on how I can get the RTLV working?

Thanks,

Rob

Everyone's tags (3)
7 REPLIES
New Member

Real-time Log Viewer filter not showing rule hits with ACL

Hi Rob,

By default if packet is permitted/denied by the access-list the log with the log id *106100* is generated which happens at notification level, There have been few bugs where we've seen issue like these.

Can you verify if you are seeing any logs either on ASDM/CLI with this syslog id 106100.

Instead of doing show rule, trying to capture logs in ASDM in real time monitoring and initiate some traffic and filter this using either source/destination ip address.

Puneet    

New Member

Real-time Log Viewer filter not showing rule hits with ACL

Sorry for the delay in responding, log ID 106100 shows disabled in ASDM.  I've enabled it, but Logging level shows N/A. and I don't seem to be able to change that.  Any ideas?

Super Bronze

Re: Real-time Log Viewer filter not showing rule hits with ACL

Hi,

Normally if you want to change logging message level the command would be

logging message level

Not sure if it helps in this situation.

If you just use ASDM you can use Tools -> Command Line Interface to insert the command

- Jouni

New Member

Re: Real-time Log Viewer filter not showing rule hits with ACL

I tried that but apparently it's a special syslog message that requires an ACL...

INFO: Please use the access-list command to change the severity level of this syslog

Super Bronze

Real-time Log Viewer filter not showing rule hits with ACL

Hi,

Well in CLI format when you configure an access-list line (ACE) the format is as follows.

access-list ACL permit ip any any log

To my understanding the syslog id you have discussed is related to the above "log" parameter that you attach to an ACE. Attaching the parameter "log" to the ACE means it will generate a log message of the hits to the particular ACE. Default without any "log" parameters configured in an ACL, only Deny messages are logged by the ASA.

- Jouni

New Member

Re: Real-time Log Viewer filter not showing rule hits with ACL

I'm trying to log ACL hits, and logging is set on the ACL I'm trying to monitor.  With that said, syslog 106100 messages are not being logged, so while hits are being recorded they aren't spitting out syslog messages.  I'm reading through the advanced syslong info on the ASA and it appears syslog 106100 requires some special treatment.

Super Bronze

Real-time Log Viewer filter not showing rule hits with ACL

Hi,

I am getting log messages on my home ASA atleast.

The Syslog ID is different depending on if I use the "log" parameter or not.

If I dont have log parameter, the traffic hitting the Deny line will log as 106023

If I do have the log paramter, the traffic hitting the Deny line will log as 106100

Both show on ASDM Real-Time Log Viewer

- Jouni

9020
Views
0
Helpful
7
Replies
CreatePlease to create content