Cisco Support Community
New Member

To check logs on asa firewall

Hi Experts,

Need a solution regarding broadcast.

There was a lot of packet loss when I tried to ping the inside interface of the firewall, and my entire network was down.

When I checked in ASDM there was a DoS attack from a particular IP on of internal server.

Today I also faced a similar problem, and I was not even able to log on to ASDM.

Is there any way to check logs on the firewall other than a syslog server?

7 REPLIES
New Member

To check logs on asa firewall

Hi Ajay

Thanks for the links.

The problem is it takes too much time to check logs on the syslog server to find from which IP the attack has taken place.

Due to packet loss we are not able to log in to the firewall ASDM either.

Is there any way to check from which IP we are getting attacks?

To check logs on asa firewall

Basically, show connections should tell you what's going on in the firewall; based on that you can investigate. If you suspect a DoS attack you can also check the utilization report of the switches and switchports. If you had a syslog server it would be an easy job; there is no magical command which tells you the host. You should investigate step by step.

New Member

To check logs on asa firewall

Thank you.

Gold

To check logs on asa firewall

Hi

Just my 2 cents on the subject.

First of all, are you onsite or are you somewhere else?

It sounds like you are onsite and that the inside server is sending more packets through the link than what the firewall, or the link somewhere to the firewall, can handle, i.e. link saturation.

If that is the case, then setting a monitor port on the switch where the firewall connects and setting up sniffer software such as Wireshark will tell you the offending address immediately. It is the one sending most of the packets.

The second thing you can do is to go to the firewall and connect a cable and run CLI commands instead of using the ASDM.

Third

Do you have any unused ports in the firewall? Setting up a log server on one of those would be a prudent thing.

Fourth

It could be a faulty cable, that would give the same problem symptoms, but if the ASDM tells you that there is an attack, then most likely it is not a faulty cable.

Good luck

HTH

New Member

To check logs on asa firewall

Hi Hobbe,

The problem is, even after changing the private as well as public IP of the server, we have received the attack on the same server within a month. We have more than 100 servers set up in VMware.

Can you guide me in setting up Wireshark?

To check logs on asa firewall

You first need to set up a SPAN port:

Switch(config)# monitor session 1 source interface fastEthernet0/1
Switch(config)# monitor session 1 destination interface fastEthernet0/2

The source would be the interface where the firewall inside is connected, and the destination port would be where a machine is connected on which Wireshark is installed.

Wireshark is freeware; you can download it from the internet.

Once SPAN is configured, a mirror of all the traffic in/out will be on the destination port. In Wireshark you can select the interface (your NIC) and click on start capture.

Thanks

Ajay
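
The step described in this thread (the offending address is the one sending most of the packets) can also be done offline on a capture saved from the SPAN destination port. The following is an added example, not code from any poster in the thread: a Python sketch that counts packets and bytes per source IPv4 address in a classic pcap file with Ethernet framing. The function names and the addresses in the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, microsecond timestamps

def top_talkers(pcap, n=5):
    """Return [(src_ip, packets, bytes_on_wire)] for IPv4 frames, busiest first."""
    endian = MAGIC.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    packets, octets = Counter(), Counter()
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue
        ethertype, l3 = struct.unpack("!H", frame[12:14])[0], 14
        if ethertype == 0x8100 and len(frame) >= 18:    # 802.1Q VLAN tag
            ethertype, l3 = struct.unpack("!H", frame[16:18])[0], 18
        if ethertype != 0x0800 or len(frame) < l3 + 20: # not IPv4 (ARP, IPv6, ...)
            continue
        src = ".".join(str(b) for b in frame[l3 + 12:l3 + 16])
        packets[src] += 1
        octets[src] += orig_len
    return [(ip, count, octets[ip]) for ip, count in packets.most_common(n)]

def _frame(src, dst, size=60):
    """Constructed Ethernet + IPv4/UDP frame carrying only what the parser reads."""
    ip = bytes([0x45, 0]) + struct.pack("!H", size - 14) + bytes(4) + bytes([64, 17, 0, 0])
    ip += bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    return (bytes(12) + b"\x08\x00" + ip).ljust(size, b"\x00")

def sample_pcap():
    """Constructed capture: one noisy host, two quiet ones, one ARP frame."""
    frames = [_frame("10.0.0.50", "192.0.2.10")] * 8
    frames += [_frame("10.0.0.7", "192.0.2.10")] * 2 + [_frame("10.0.0.9", "10.0.0.7")]
    frames.append((bytes(12) + b"\x08\x06").ljust(60, b"\x00"))   # ARP, ignored
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

if __name__ == "__main__":
    for ip, count, size in top_talkers(sample_pcap()):
        print(f"{ip:15} {count:5} packets {size:8} bytes")
```

To use it on a real capture, save the capture in classic pcap format (Wireshark writes pcapng by default) and pass the file's bytes to `top_talkers`.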
